A newly discovered bug in Windows 11 and Windows 10 version 21H2 leaves some user data on the disk after a factory reset. The bug, documented by Rudy Ooms on the Call4Cloud blog, means your data may be easily accessible to the next owner if you sell or give away your laptop after resetting it. It appears to be specific to OneDrive files that were synced to the local disk, so local-only data wouldn't be affected.
Ooms made the discovery while remotely wiping a Windows 11 device with Microsoft Intune, Microsoft's device-management suite for enterprise customers. Further testing showed that the bug also affects factory resets run locally from the Settings app, even when the cloud download option is used.
During the reset process, users are asked whether they want to keep their user data (deleting only apps and programs) to start fresh, or delete everything on the drive. The latter option is recommended if you plan to sell the laptop, since you don't want the next owner seeing your personal data. In earlier versions of Windows 10 this worked as intended, but in version 21H2 and Windows 11 the user's OneDrive data is kept in the Windows.old folder. This covers only locally stored copies: OneDrive files that were synced to the PC, including files synced through Known Folder Move.
Opening the files isn't quite as simple as browsing to the folder, but anyone who presses Shift + F10 on the out-of-box setup screen that appears after the reset, before any account has been created, gets an elevated Command Prompt from which the Windows.old tree can be read and copied. It's not something everyone would think to do, but it isn't difficult either. It's especially concerning because BitLocker protection is removed during the reset, so even a drive that was encrypted before the reset ends up with these leftover files in plaintext.
Not everyone is affected: you must have used the OneDrive integration in Windows 10 or 11, and only files that were available offline remain on the disk after the reset. It's still a major issue. For whatever reason, the reset process changed with Windows 11 and Windows 10 version 21H2 so that these files survive a reset.
According to Ooms, Microsoft is working on a fix. Until it ships, he provides a PowerShell script that configures the PC to delete all user data in the Windows.old folder after a reset. The script has to be run or deployed before the reset so that the data is removed automatically afterwards.
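The script below is an added example, written for this page; it is not Ooms' script and not Microsoft code. It has three modes: `-Check` inventories what survived in Windows.old (profiles with OneDrive or Known Folder Move folders), `-Remove` takes ownership of the tree and deletes it, and `-Stage` drops a cleanup script into `%SystemDrive%\Recovery\OEM` with a ResetConfig.xml so it runs at the end of the next reset. The `-Stage` mode relies on Windows' push-button reset extensibility (assumed here from Microsoft's OEM documentation; the file names, the XML layout and the `-Stage` behaviour are assumptions to verify on a spare machine). The path `Windows.old\Users\<name>\OneDrive*` and the Known Folder names are the locations the article describes.

```powershell
<#
Added example (not Rudy Ooms' script, not Microsoft code). Handles the
Windows.old leftovers after a Windows 11 / Windows 10 21H2 reset.
Run from an elevated PowerShell:
  .\Clear-WindowsOld.ps1 -Check    # what OneDrive / KFM data survived the reset
  .\Clear-WindowsOld.ps1 -Remove   # take ownership and delete the tree
  .\Clear-WindowsOld.ps1 -Stage    # before the reset: schedule cleanup (assumption, see below)
#>
[CmdletBinding()]
param(
    [switch]$Check,
    [switch]$Remove,
    [switch]$Stage,
    [string]$WindowsOld = (Join-Path $env:SystemDrive 'Windows.old')
)

# Folders inside a leftover profile that hold synced OneDrive content:
# the OneDrive folder itself plus the Known Folder Move targets.
$SuspectPatterns = @('OneDrive*', 'Desktop', 'Documents', 'Pictures')

function Get-LeftoverProfiles {
    param([string]$Root)
    $usersDir = Join-Path $Root 'Users'
    if (-not (Test-Path -LiteralPath $usersDir)) { return @() }
    Get-ChildItem -LiteralPath $usersDir -Directory -Force |
        Where-Object { $_.Name -notin @('Public', 'Default', 'Default User', 'All Users') } |
        ForEach-Object {
            $profile = $_
            $hits = @(foreach ($pattern in $SuspectPatterns) {
                Get-ChildItem -LiteralPath $profile.FullName -Directory -Force -Filter $pattern -ErrorAction SilentlyContinue
            })
            $files = @($hits | Get-ChildItem -Recurse -File -Force -ErrorAction SilentlyContinue)
            $bytes = ($files | Measure-Object Length -Sum).Sum
            if (-not $bytes) { $bytes = 0 }
            [pscustomobject]@{
                Profile   = $profile.Name
                Folders   = ($hits | ForEach-Object Name) -join ', '
                FileCount = $files.Count
                SizeMB    = [math]::Round($bytes / 1MB, 1)
            }
        }
}

function Remove-WindowsOld {
    param([string]$Root)
    if (-not (Test-Path -LiteralPath $Root)) { Write-Host "Nothing at $Root"; return }
    # Windows.old is owned by TrustedInstaller/SYSTEM; take ownership and give
    # Administrators full control, otherwise Remove-Item fails on access denied.
    & takeown.exe /F $Root /R /A /D Y | Out-Null
    & icacls.exe $Root /grant 'Administrators:F' /T /C /Q | Out-Null
    Remove-Item -LiteralPath $Root -Recurse -Force
    if (Test-Path -LiteralPath $Root) { throw "Could not remove $Root" }
    Write-Host "Removed $Root"
}

function Register-PostResetCleanup {
    # ASSUMPTION: push-button reset runs commands listed in
    # %SystemDrive%\Recovery\OEM\ResetConfig.xml at the end of a reset.
    # Check the ResetConfig.xml schema against current Microsoft docs and test
    # on a spare machine before relying on this for a device you hand over.
    $oem = Join-Path $env:SystemDrive 'Recovery\OEM'
    New-Item -ItemType Directory -Path $oem -Force | Out-Null
    $cmd = @"
@echo off
rem Runs at the end of the reset: remove the leftover Windows.old tree.
takeown /F %SystemDrive%\Windows.old /R /A /D Y >nul 2>&1
icacls %SystemDrive%\Windows.old /grant Administrators:F /T /C /Q >nul 2>&1
rd /s /q %SystemDrive%\Windows.old
"@
    Set-Content -Path (Join-Path $oem 'RemoveWindowsOld.cmd') -Value $cmd -Encoding ASCII
    $xml = @"
<?xml version="1.0" encoding="utf-8"?>
<Reset>
  <Run>
    <Path>RemoveWindowsOld.cmd</Path>
    <Duration>2</Duration>
  </Run>
</Reset>
"@
    Set-Content -Path (Join-Path $oem 'ResetConfig.xml') -Value $xml -Encoding ASCII
    Write-Host "Staged post-reset cleanup in $oem"
}

if ($Check)      { Get-LeftoverProfiles -Root $WindowsOld | Format-Table -AutoSize }
elseif ($Remove) { Remove-WindowsOld -Root $WindowsOld }
elseif ($Stage)  { Register-PostResetCleanup }
else             { Write-Host 'Specify -Check, -Remove or -Stage' }
```

Two caveats for a machine that is leaving your custody. Deleting Windows.old, whether by this script or by Disk Cleanup, only unlinks the files; it does not overwrite the blocks, and because the reset has already stripped BitLocker, what was in those blocks is plaintext. If the disk must be clean, re-enable BitLocker on the fresh install and verify the drive is encrypted (`manage-bde -status`), or sanitize the drive before handing it over. And after any reset, run the `-Check` mode before trusting that the data is gone, rather than assuming the cleanup ran.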
Windows 11 is no stranger to major bugs, including some big security issues. An early bug allowed anyone to gain administrator privileges on Windows 11, Windows 10, and Windows Server back in November.