Sounds like a case of 'already behind the airtight hatch'. If you have administrative privileges to install an OS upgrade then you have administrative privileges to disable filesystem encryption.
On the other hand, if MS pushes the update to the PC and it self-launches or can be initiated by a non-administrator, then it seems like there is a real security problem here.
In the video they demonstrated that they're NOT local admin. The machine was set to automatically install updates; all they had to do was hit the "restart" button to start the automatic installation.
They were then able to use a key combination to give them SYSTEM level access from a normal user account. This is absolutely an elevation exploit, and the fact it bypasses BitLocker during in-place upgrade is a little disturbing.
This bug likely isn't impactful for home users, but for enterprise-style systems (in particular in education) it has a big impact. Now every regular user can trivially become a local admin user. Problematic.
Aren't these kinds of updates pushed out by Central IT? Just because they can push it out, there are still a lot of employees watching the update run that probably don't have admin access.
Another common Raymond Chen reminder: "Local Administrator != Domain Administrator". If a user gains administrative privileges on their own machine as part of a corporate network, that just means they can bork their own machine and IT will have to come and take it for repair (and they'll likely be disciplined for doing stupid things against IT policy.) If becoming a local administrator on your own machine allows you more privileges on the network, there's something wrong with the network's security architecture. (After all, in a regular, healthy corporate network, Bring-Your-Own-Machine scenarios—where everyone is their own local administrator—are common without posing any threat.)
I want to block my young teen-aged son from hacking into his time-locked win 7 (soon win 10). He already searched the web and found some kind of system restore scheme to reset his password. Next step was to encrypt the hard drive to block rebooting without password.
Maybe with a home system, but in business most users don't have local admin rights but the systems are set to allow them to initiate updates, or updates happen the next time the computer boots up from Patch Tuesday. If an end-user catches an image-based update being deployed, she can just press that hotkey combo and get local admin rights. Scary stuff here for sysadmins until this is patched or some work-around can be implemented.
WindowsPE is a whole separate Windows distro and has all its failings and security issues. MS doesn't seem to have hardened it correctly for its update system. This is also why organizations are usually 2-3 years behind Windows versions. It's just too risky to trust MS to get things done on an acceptable level without nearly 3 years of bug squashing and security auditing per Windows version.
I've kept my employer on 7 until next year for reasons like these. Considering all the update and security issues with Win10, we might even put this off until 2018.
I think the point is that BitLocker means that a locked machine shouldn't be accessible to anyone even at the keyboard who doesn't know the password. If that machine happens to be executing an upgrade, even a scheduled upgrade, this is a BitLocker security bypass.
It's not earth shattering - somebody could steal an encrypted laptop that's already running and keep it running until an upgrade comes and then bypass BitLocker. Aren't there other ways of bypassing it with a running machine?