Microsoft has updated the data wiping tool in Windows 10 and Windows 11... and now it leaves behind data
Using Windows' built in option to reset your computer and erase data may not be as secure as you thought. If you are passing on a computer to a friend or family member, or perhaps selling a machine you no longer need, you may well have used the option to reset the PC and wipe out your personal data. While this seems like a sensible move, an update to the data wiping tools in Windows 10 and Windows 11 means that potentially revealing and sensitive data can be left behind.
Tests conducted by Microsoft MVP Rudy Ooms showed that in Windows 10 version 21H2 and Windows 11 version 21H2 the data wiping function left behind user data in the Windows.old folder. Versions of the operating system prior to 21H2 did not suffer from this issue.
See also:
- Microsoft releases important KB5010415 update for Windows 10 because Windows 11 is not ubiquitous
- You may have just installed Windows 11, but Microsoft could be readying Windows 12
- Windows 11 will force users to create Microsoft accounts
Ooms started off looking at the process of remotely wiping computers in various ways, and was surprised to find that in all of his tests using Windows 10 and Windows 11 version 21H2, data that users would rightly expect to be deleted in fact remained on the hard drive.
Tweeting about his findings over the weekend, Ooms said:
It is worth reiterating that while the main focus of the tests are on remote wiping, the same worrying results were found with local wipes.
Ooms suggests that you double check the contents of your hard drive after performing a wipe, and manually delete the Windows.old folder if necessary. He has also produced a PowerShell script which can be used to ensure that a drive wipe really does erase all data, including the Windows.old folder.
You can read Ooms full report over on his Call4Cloud blog.
Image credit: lightsource / depositphotos