Linka (talk | contribs)
fixed wording to be less accusatory
 
(2 intermediate revisions by one other user not shown)
Line 12: Line 12:
<blockquote>Users will need to complete OOBE with internet and a Microsoft account, to ensure device is setup correctly.<ref>{{cite web |first=Amanda |last=Langowski |date=6 Oct 2025 |website=Windows Blog |title= Announcing Windows 11 Insider Preview Build 26220.6772 (Dev Channel) |url-status=live |url=https://blogs.windows.com/windows-insider/2025/10/06/announcing-windows-11-insider-preview-build-26220-6772-dev-channel/ |archive-url=https://web.archive.org/web/20251006214508/https://blogs.windows.com/windows-insider/2025/10/06/announcing-windows-11-insider-preview-build-26220-6772-dev-channel/ |archive-date=2025-10-06}}</ref></blockquote>
<blockquote>Users will need to complete OOBE with internet and a Microsoft account, to ensure device is setup correctly.<ref>{{cite web |first=Amanda |last=Langowski |date=6 Oct 2025 |website=Windows Blog |title= Announcing Windows 11 Insider Preview Build 26220.6772 (Dev Channel) |url-status=live |url=https://blogs.windows.com/windows-insider/2025/10/06/announcing-windows-11-insider-preview-build-26220-6772-dev-channel/ |archive-url=https://web.archive.org/web/20251006214508/https://blogs.windows.com/windows-insider/2025/10/06/announcing-windows-11-insider-preview-build-26220-6772-dev-channel/ |archive-date=2025-10-06}}</ref></blockquote>


*Updates are forced and cannot be disabled, only postponed by default. They can only be disabled with third-party tools. Some settings and preferences set by the user are modified after applying updates. A very known case of this happening is the modification of the default browser preferences to [[Microsoft Edge]] if the user has set another default web browser instead.
*Updates are forced and cannot be fully disabled, only paused and postponed for some weeks, they can be disabled only with third-party tools.  
<blockquote>When you pause updates, you’re temporarily delaying updates until the date you choose. This doesn’t permanently turn off automatic updates. When you resume updates, Windows will check for updates again and may need to re-download and reinstall them.<ref>{{cite web |website=Windows Support |title=Pause updates in Windows |url=https://support.microsoft.com/en-us/windows/pause-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe |url-status=live |archive-url=https://web.archive.org/web/20241213160548/https://support.microsoft.com/en-us/windows/pause-updates-in-windows-643e9ea7-3cf6-7da6-a25c-95d4f7f099fe |archive-date=2024-12-13}}</ref></blockquote>
 
Some settings and preferences set by the user are modified after applying updates, a case of this happening is the modification of the default browser preferences to [[Microsoft Edge]] if the user has set another default web browser instead.<ref>{{cite web |first=Asher |last=Reed |website=Microsoft Community |title=Default browser setting keeps reverting to Edge |url=https://techcommunity.microsoft.com/discussions/windows11/default-browser-setting-keeps-reverting-to-edge/4482125 |url-status=live |date=31 Dec 2025 |archive-url=https://web.archive.org/web/20260104132013/https://techcommunity.microsoft.com/discussions/windows11/default-browser-setting-keeps-reverting-to-edge/4482125 |archive-date=2026-01-04}}</ref><ref>{{cite web |url=https://learn.microsoft.com/en-us/answers/questions/2407349/how-can-i-stop-microsoft-edge-from-becoming-the-de |title=How can I stop Microsoft Edge from becoming the default browser after every restart? Please HELP! |url-status=live |website=Microsoft Learn |date=30 Jun 2025 |archive-url=https://web.archive.org/web/20251009035713/https://learn.microsoft.com/en-us/answers/questions/2407349/how-can-i-stop-microsoft-edge-from-becoming-the-de |archive-date=2025-10-09}}</ref>


*BitLocker drive encryption is forced and there are known incidents of users permanently losing their data. <ref>{{Cite web |last=Sen |first=Sayan |date=1 May 2025 |title=Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption |url=https://www.neowin.net/news/windows-11-users-reportedly-losing-data-due-to-microsofts-forced-bitlocker-encryption/ |url-status=live |archive-url=https://archive.is/69uPN |archive-date=2025-05-02 |access-date=9 Mar 2026 |website=Neowin}}</ref> <ref>{{Cite web |last=Nasir|first=Hassam |date=19 Oct 2025 |title=BitLocker reportedly auto-locks users' backup drives, causing loss of 3TB of valuable data — Windows automatic disk encryption can permanently lock your drives |url=https://www.tomshardware.com/software/windows/bitlocker-reportedly-auto-locks-users-backup-drives-causing-loss-of-3tb-of-valuable-data-windows-automatic-disk-encryption-can-permanently-lock-your-drives |url-status=live |archive-url=https://archive.is/0ixWF |archive-date=2025-10-20 |access-date=9 Mar 2026 |website=Tom's Hardware}}</ref>
*BitLocker drive encryption is forced and there are known incidents of users permanently losing their data. <ref>{{Cite web |last=Sen |first=Sayan |date=1 May 2025 |title=Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption |url=https://www.neowin.net/news/windows-11-users-reportedly-losing-data-due-to-microsofts-forced-bitlocker-encryption/ |url-status=live |archive-url=https://archive.is/69uPN |archive-date=2025-05-02 |access-date=9 Mar 2026 |website=Neowin}}</ref> <ref>{{Cite web |last=Nasir|first=Hassam |date=19 Oct 2025 |title=BitLocker reportedly auto-locks users' backup drives, causing loss of 3TB of valuable data — Windows automatic disk encryption can permanently lock your drives |url=https://www.tomshardware.com/software/windows/bitlocker-reportedly-auto-locks-users-backup-drives-causing-loss-of-3tb-of-valuable-data-windows-automatic-disk-encryption-can-permanently-lock-your-drives |url-status=live |archive-url=https://archive.is/0ixWF |archive-date=2025-10-20 |access-date=9 Mar 2026 |website=Tom's Hardware}}</ref>


*Like with Windows 10, [[OneDrive]] synchronization is active by default. The File Explorer redirects the local file shortcuts to the OneDrive file addresses.
*Like with Windows 10, [[OneDrive]] synchronization is active by default. The File Explorer redirects the local file shortcuts to the OneDrive file addresses.<blockquote>The OneDrive app built in to Windows synchronizes your files between your computer and OneDrive so they're backed up, protected, and available on any device.<ref>{{cite web |url=https://support.microsoft.com/en-us/office/how-to-change-the-default-save-location-in-onedrive-for-windows-33da0077-770c-4bda-b61e-8c8e8ca70ac7 |website=Microsoft Support |title=How to change the default save location in OneDrive for Windows |archive-url=https://web.archive.org/web/20260329111028/https://support.microsoft.com/en-us/office/how-to-change-the-default-save-location-in-onedrive-for-windows-33da0077-770c-4bda-b61e-8c8e8ca70ac7 |archive-date=2026-03-29}}</ref></blockquote>


===User privacy===
===User privacy===
Line 126: Line 129:
|[[Microsoft ends use of bypassnro.cmd for Windows 11]]
|[[Microsoft ends use of bypassnro.cmd for Windows 11]]
|-
|-
|BitLocker has a built-in backdoor
|BitLocker bypass
|2026
|2026
|On the 12th of May 2026, a security researcher going by the GitHub screen-name of 'Nightmare Eclipse' published a hacking tool known as 'YellowKey' that bypassed Microsoft's BitLocker encryption on Windows 11 and on Windows Server 2022 to 2025. What made this vulnerability different from others is that it was seemingly a built-in backdoor in the BitLocker encryption system.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=14 May 2026 |title=Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation |url=https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |url-status=live |archive-url=https://web.archive.org/web/20260514181052/https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |archive-date=14 May 2026 |access-date=16 May 2026 |website=The Hacker News}}</ref>
|On the 12th of May 2026, a security researcher going by the GitHub screen-name of 'Nightmare Eclipse' published a hacking tool known as 'YellowKey' that bypassed Microsoft's BitLocker encryption on Windows 11 and on Windows Server 2022 to 2025. What made this vulnerability different from others is that it was seemingly a built-in backdoor in the BitLocker encryption system.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=14 May 2026 |title=Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation |url=https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |url-status=live |archive-url=https://web.archive.org/web/20260514181052/https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |archive-date=14 May 2026 |access-date=16 May 2026 |website=The Hacker News}}</ref>


The believe of this vulnerability being an intentional backdoor comes from the fact that the exploit abuses a flaw in a component found in WinRE, also known as the Windows Recovery Environment. This is weird as the same component can be found in normal, non-recovery Windows installations, but in those versions the component does not have this vulnerability.<ref>{{Cite web |date=16 May 2026 |title=Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability |url=https://github.com/Nightmare-Eclipse/YellowKey |url-status=live |archive-url=https://web.archive.org/web/20260514013722/https://github.com/Nightmare-Eclipse/YellowKey |archive-date=14 May 2026 |access-date=16 May 2026 |website=[[GitHub]]}}</ref>
Some community members believe{{CitationNeeded}} that this vulnerability was an intentional backdoor comes from the fact that the exploit abuses a flaw in a component found in WinRE (Windows Recovery Environment) which can be found in normal, non-recovery Windows installations, but in those versions the component does not have this vulnerability.<ref>{{Cite web |date=16 May 2026 |title=Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability |url=https://github.com/Nightmare-Eclipse/YellowKey |url-status=live |archive-url=https://web.archive.org/web/20260514013722/https://github.com/Nightmare-Eclipse/YellowKey |archive-date=14 May 2026 |access-date=16 May 2026 |website=[[GitHub]]}}</ref>
|This backdoor let to all devices using BitLocker to no longer be protected when this exploit was made public. Due to this exploit all devices that were stolen before a patch for this backdoor was made are not protected from BitLocker. The full extend of the damages caused by this backdoor are unknown and a patch removing this backdoor has not yet released.
|This backdoor let to all devices using BitLocker to no longer be protected when this exploit was made public. Due to this exploit all devices that were stolen before a patch for this backdoor was made are not protected from BitLocker. The full extend of the damages caused by this backdoor are unknown and a patch removing this backdoor has not yet released.
|}
|}