The official Windows 10 data wiping tool can actually leave user info remaining

Laptop user with Android apps running in Windows 11
(Image credit: diy13 / Shutterstock / Microsoft)

Microsoft’s data wiping feature isn’t working as intended on some versions of Windows, and is leaving behind data that can be easily accessed, researchers have claimed.

The news was confirmed by Microsoft MVP Rudy Ooms, who published a blog post on his findings, as well as explained it in a bit more detail over on Twitter.

As Ooms explained, the Reset PC > Remove Everything option leaves data on the old system in both Windows 10 version 21H2, and Windows 11 version 21H2. Both Wipe and Fresh Start options work as intended on Windows 10 21H1 and Windows 11 21H1, he added. 

TechRadar needs you!

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

In most cases, the OS would create a folder called Windows.old on the “wiped” or “fresh start” disks, containing user data, Ooms says. This is obviously not by design, as choosing these two options prompts the warning “This removes all personal and company data and settings from this device.”

Fixing the problem

To make matters worse, when a user wipes a device, the Windows.old folder also contains previously encrypted data, but now it’s decrypted. Furthermore, OneDrive files marked as “Always keep on this device” will remain in the Windows.old folder, as well.

On the other hand, wiping the drive also removes Bitlocker, which could be a problem for some users who use Bitlocker to safely backup important data.

For the time being, Microsoft does not have a fix for the problem. However, Ooms says he’s created a PowerShell Script, as a temporary solution. Those looking for an utter and complete wipe of all data should first run the script, and then proceed with the cleanup. 

Reporting on the news, Tom’s Hardware also says that users can manually remove this data, by deleting the Windows.old files following the wipe. After that, they can use a wipe-free space utility, to ensure the sensitive data can’t be recovered by a data recovery tool.

Users should always double-check the contents of the drive after wiping, the publication concludes, as they can not only find their old files in Windows.old, but also on other storage hardware installed on the endpoint.

Via: Tom's Hardware

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.