We select and review products independently. When you purchase through our links we may earn a commission. Learn more.

Microsoft’s Critical Windows Security Tool Is an Epic Fail

Windows 10 logo on a tablet

Resetting a Windows machine and deleting all the data on it can be useful for businesses or before you sell a laptop, but only if it deletes all of your user information. Apparently, Microsoft’s updated data wipe tool is doing the opposite and is actually leaving data behind.

On some versions of Windows 10 and Windows 11, the tool isn’t completely erasing all of the data, which is an epic fail for Microsoft. The bad news was confirmed by a Microsoft MVP named Rudy Ooms, who shared the findings in a blog post and on Twitter.

Microsoft recently updated the eraser tool, and Rudy Ooms was testing the “remote wipe” function, yet found critical user files remained after the wipe. It looks like Windows 10 version 21H2 and Windows 11 version 21H2 didn’t erase everything and instead left data behind in the Windows.old folder. Previous versions of the tool didn’t have this problem.

If that wasn’t bad enough, when a user wipes a device, previously encrypted data becomes decrypted and readily available. Obviously, this is a critical security issue that Microsoft will need to address, but so far, it doesn’t look like there’s a fix. For now, we’re not sure if this was the intended outcome, but when you go to Reset PC and click Remove Everything, it should remove everything.

It’s worth noting that users can manually remove the data themselves, which is better than nothing. Simply erase your Windows 10 or 11 system, then manually delete the Windows.old file that gets left behind. Additionally, users can use other wipe tools to ensure any sensitive data gets completely removed.

via TechRadar

Cory Gunther Cory Gunther
Cory Gunther has been writing about phones, Android, cars, and technology in general for over a decade. He's a staff writer for Review Geek covering roundups, EVs, and news. He's previously written for GottaBeMobile, SlashGear, AndroidCentral, and InputMag, and he's written over 9,000 articles. Read Full Bio »