by Borealid 37 days ago
If Microsoft wanted a backdoor, there is no need to hide it in the official Windows Recovery Environment image.

Just sign an alternate version of the recovery environment that doesn't bother displaying a login screen. Done - you can access any TPM-only BitLocker setup freely. This is actually LESS risky than keeping the exploit in the publicly-available version of WinRE, because you don't have the risk of pesky security researchers finding your backdoor.

Hanlon's Razor and Occam's Razor both say this is probably a bug that lets you use some kind of early-boot filesystem-corruption-fixing code on the recovery image to break the login screen and leave the disk unlocked by accident. It deletes itself because it's, well, intended to be a filesystem fix log, and the log gets deleted when it's done being replayed so it doesn't happen a second time!

1 comments

I don't disagree. Clarifying, I personally don't think this exploit is a backdoor, but rather that the negligence is enough to appear malicious.

Just for fun (not saying I believe this!): Did you ever consider that a malicious Microsoft employee may have intentionally planted this exploit? They don't have access to signing keys. They aren't able to make custom firmware. However, what they can do is leave innocent looking code in Windows that they and their co-conspirators can exploit later. Completely possible (-: