Linka (talk | contribs)
fixed wording to be less accusatory
 
(One intermediate revision by one other user not shown)
Line 19: Line 19:
*BitLocker drive encryption is forced and there are known incidents of users permanently losing their data. <ref>{{Cite web |last=Sen |first=Sayan |date=1 May 2025 |title=Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption |url=https://www.neowin.net/news/windows-11-users-reportedly-losing-data-due-to-microsofts-forced-bitlocker-encryption/ |url-status=live |archive-url=https://archive.is/69uPN |archive-date=2025-05-02 |access-date=9 Mar 2026 |website=Neowin}}</ref> <ref>{{Cite web |last=Nasir|first=Hassam |date=19 Oct 2025 |title=BitLocker reportedly auto-locks users' backup drives, causing loss of 3TB of valuable data — Windows automatic disk encryption can permanently lock your drives |url=https://www.tomshardware.com/software/windows/bitlocker-reportedly-auto-locks-users-backup-drives-causing-loss-of-3tb-of-valuable-data-windows-automatic-disk-encryption-can-permanently-lock-your-drives |url-status=live |archive-url=https://archive.is/0ixWF |archive-date=2025-10-20 |access-date=9 Mar 2026 |website=Tom's Hardware}}</ref>
*BitLocker drive encryption is forced and there are known incidents of users permanently losing their data. <ref>{{Cite web |last=Sen |first=Sayan |date=1 May 2025 |title=Windows 11 users reportedly losing data due to Microsoft's forced BitLocker encryption |url=https://www.neowin.net/news/windows-11-users-reportedly-losing-data-due-to-microsofts-forced-bitlocker-encryption/ |url-status=live |archive-url=https://archive.is/69uPN |archive-date=2025-05-02 |access-date=9 Mar 2026 |website=Neowin}}</ref> <ref>{{Cite web |last=Nasir|first=Hassam |date=19 Oct 2025 |title=BitLocker reportedly auto-locks users' backup drives, causing loss of 3TB of valuable data — Windows automatic disk encryption can permanently lock your drives |url=https://www.tomshardware.com/software/windows/bitlocker-reportedly-auto-locks-users-backup-drives-causing-loss-of-3tb-of-valuable-data-windows-automatic-disk-encryption-can-permanently-lock-your-drives |url-status=live |archive-url=https://archive.is/0ixWF |archive-date=2025-10-20 |access-date=9 Mar 2026 |website=Tom's Hardware}}</ref>


*Like with Windows 10, [[OneDrive]] synchronization is active by default. The File Explorer redirects the local file shortcuts to the OneDrive file addresses.
*Like with Windows 10, [[OneDrive]] synchronization is active by default. The File Explorer redirects the local file shortcuts to the OneDrive file addresses.<blockquote>The OneDrive app built in to Windows synchronizes your files between your computer and OneDrive so they're backed up, protected, and available on any device.<ref>{{cite web |url=https://support.microsoft.com/en-us/office/how-to-change-the-default-save-location-in-onedrive-for-windows-33da0077-770c-4bda-b61e-8c8e8ca70ac7 |website=Microsoft Support |title=How to change the default save location in OneDrive for Windows |archive-url=https://web.archive.org/web/20260329111028/https://support.microsoft.com/en-us/office/how-to-change-the-default-save-location-in-onedrive-for-windows-33da0077-770c-4bda-b61e-8c8e8ca70ac7 |archive-date=2026-03-29}}</ref></blockquote>


===User privacy===
===User privacy===
Line 129: Line 129:
|[[Microsoft ends use of bypassnro.cmd for Windows 11]]
|[[Microsoft ends use of bypassnro.cmd for Windows 11]]
|-
|-
|BitLocker has a built-in backdoor
|BitLocker bypass
|2026
|2026
|On the 12th of May 2026, a security researcher going by the GitHub screen-name of 'Nightmare Eclipse' published a hacking tool known as 'YellowKey' that bypassed Microsoft's BitLocker encryption on Windows 11 and on Windows Server 2022 to 2025. What made this vulnerability different from others is that it was seemingly a built-in backdoor in the BitLocker encryption system.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=14 May 2026 |title=Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation |url=https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |url-status=live |archive-url=https://web.archive.org/web/20260514181052/https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |archive-date=14 May 2026 |access-date=16 May 2026 |website=The Hacker News}}</ref>
|On the 12th of May 2026, a security researcher going by the GitHub screen-name of 'Nightmare Eclipse' published a hacking tool known as 'YellowKey' that bypassed Microsoft's BitLocker encryption on Windows 11 and on Windows Server 2022 to 2025. What made this vulnerability different from others is that it was seemingly a built-in backdoor in the BitLocker encryption system.<ref>{{Cite web |last=Lakshmanan |first=Ravie |date=14 May 2026 |title=Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation |url=https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |url-status=live |archive-url=https://web.archive.org/web/20260514181052/https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html |archive-date=14 May 2026 |access-date=16 May 2026 |website=The Hacker News}}</ref>


The believe of this vulnerability being an intentional backdoor comes from the fact that the exploit abuses a flaw in a component found in WinRE, also known as the Windows Recovery Environment. This is weird as the same component can be found in normal, non-recovery Windows installations, but in those versions the component does not have this vulnerability.<ref>{{Cite web |date=16 May 2026 |title=Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability |url=https://github.com/Nightmare-Eclipse/YellowKey |url-status=live |archive-url=https://web.archive.org/web/20260514013722/https://github.com/Nightmare-Eclipse/YellowKey |archive-date=14 May 2026 |access-date=16 May 2026 |website=[[GitHub]]}}</ref>
Some community members believe{{CitationNeeded}} that this vulnerability was an intentional backdoor comes from the fact that the exploit abuses a flaw in a component found in WinRE (Windows Recovery Environment) which can be found in normal, non-recovery Windows installations, but in those versions the component does not have this vulnerability.<ref>{{Cite web |date=16 May 2026 |title=Nightmare-Eclipse/YellowKey: YellowKey Bitlocker Bypass Vulnerability |url=https://github.com/Nightmare-Eclipse/YellowKey |url-status=live |archive-url=https://web.archive.org/web/20260514013722/https://github.com/Nightmare-Eclipse/YellowKey |archive-date=14 May 2026 |access-date=16 May 2026 |website=[[GitHub]]}}</ref>
|This backdoor let to all devices using BitLocker to no longer be protected when this exploit was made public. Due to this exploit all devices that were stolen before a patch for this backdoor was made are not protected from BitLocker. The full extend of the damages caused by this backdoor are unknown and a patch removing this backdoor has not yet released.
|This backdoor let to all devices using BitLocker to no longer be protected when this exploit was made public. Due to this exploit all devices that were stolen before a patch for this backdoor was made are not protected from BitLocker. The full extend of the damages caused by this backdoor are unknown and a patch removing this backdoor has not yet released.
|}
|}