A packed auditorium at Black Hat 2025 in Las Vegas watched in silence as security researcher Tillmann Osswald remotely enrolled his own face onto his colleague’s Windows Hello-protected laptop—and unlocked it seconds later. The live demonstration, conducted by ERNW Research’s Dr. Baptiste David and Osswald, shattered assumptions about the safety of Microsoft’s biometric authentication for business use. The blunt message: if an attacker gains local administrator privileges, Windows Hello’s facial recognition and fingerprint logins can be bypassed with ease, rendering the feature a serious liability for enterprise environments.
For years, Microsoft has championed Windows Hello as a password-free, “more personal, more secure” way to sign into Windows 10 and 11. The feature uses facial scans, fingerprints, or a PIN, with cryptographic keys stored locally and integrated with the Windows Biometric Service. Enterprise deployments connect through Entra ID (formerly Azure AD) or Active Directory, promising both convenience and hardened security. But the attack unveiled by David and Osswald exposes a fundamental weakness that Microsoft will struggle to fix—and for many organizations, the only practical defense is to turn biometrics off entirely.
The Black Hat 2025 Demo: A Face Swap in Real Time
The demonstration was deceptively simple. Dr. David first logged into his machine using Windows Hello facial recognition—a routine act for millions of users daily. With local administrator access on the same device, Osswald then executed what he described as “a few lines of code” to extract and modify the biometric database. He injected a Hello facial profile that he had previously created on another machine, replacing David’s legitimate template. Moments later, Osswald’s face unlocked the laptop live on stage. The crowd witnessed a full bypass of biometric protection, achieved without brute‑force cracking of algorithms or exploitation of sensor hardware.
The root of the issue lies in how Windows Hello stores its biometric data. The database is encrypted using the Windows API function CryptProtectData. While this provides some protection, researchers found that an attacker with administrative rights can decrypt the database using information accessible at that privilege level. Once the database is readable, injecting a spoofed biometric profile becomes straightforward. The system then trusts the attacker’s face or fingerprint as if it belonged to the original user.
Why Windows Hello’s Design Falls Short for Business
Microsoft’s biometric architecture was built on a device‑centric trust model. Biometric templates never leave the device, and matching is performed locally—a design intended to reduce cloud‑side attack surfaces. However, as the Black Hat research highlights, local trust collapses when an adversary gains admin‑level access to the endpoint. An insider with elevated privileges, or malware that escalates to admin, can subvert the very database that Hello relies on.
This is not a simple software bug; it’s a structural vulnerability. The cryptographic key that protects the database is itself protected by a mechanism that can be defeated by anyone running as SYSTEM or administrator. David and Osswald emphasized that the attack does not require specialized hardware, nor does it depend on tricking the biometric sensor. It is a pure software‑based injection that sidesteps the entire biometric pipeline.
Enhanced Sign‑in Security (ESS): A Partial Shield
Microsoft’s Enhanced Sign‑in Security (ESS) was introduced to fortify the biometric chain. ESS leverages virtualization‑based security (VBS) to isolate the biometric stack inside a higher‑trust execution environment (VTL1). This hypervisor‑enforced barrier is designed to protect biometric data even from admin‑level code running in the normal OS (VTL0). The researchers acknowledged that ESS is “very effective in defending against this attack”—on systems that fully support it.
The catch, however, is severe. ESS requires hardware not present in a vast portion of the enterprise fleet. During the talk, Osswald pointed to their own experience: “We bought ThinkPads about a year and a half ago. Unfortunately, they don’t have a secure sensor for the camera because they use AMD chips instead of Intel chips.” Many business‑class laptops, particularly those with AMD processors or older secure‑camera modules, lack the necessary Trusted Platform Module (TPM) integration and compliant sensors. Microsoft enables ESS by default where possible, but for unsupported devices, the biometric pathway remains completely exposed.
Enterprise Risk: Who Should Worry Most
The implications for businesses are stark. Windows Hello’s biometric bypass collapses the assurance that only an authorized individual can unlock a corporate device. Organizations that rely on Hello to protect sensitive data, proprietary applications, or privileged network access now face a difficult reckoning.
- Mixed hardware estates: Companies with a variety of laptop models will have inconsistent defenses. Some devices may be secured by ESS, while others—often purchased as recently as 2023—remain vulnerable.
- Remote and field workers: Laptops used outside the office are at greater risk of theft or physical tampering. An attacker who steals a device and later gains admin access (for example, through a credential‑dumping tool) can enroll their own biometrics and unlock corporate resources.
- Highly regulated industries: Financial services, healthcare, and government entities often mandate multi‑factor authentication with biometrics as a strong factor. These sectors may now need to re‑evaluate whether Windows Hello meets compliance standards.
The attack also introduces a persistence mechanism that defies traditional remediation. Once an attacker’s face or fingerprint is enrolled, changing the user’s password or revoking Active Directory credentials does nothing to expel the unauthorized biometric. The backdoor remains open until an administrator manually inspects and cleans the Hello database on every affected endpoint—a daunting task at scale.
Microsoft’s Position and the Long Road to a Fix
Microsoft has been aware of these findings since responsible disclosure by the ERNW team. However, a quick patch is unlikely. The company appears to accept the risk as an architectural limitation rather than a conventional vulnerability. In statements, Microsoft recommends that organizations enable ESS where possible and follow endpoint security best practices, but it has not committed to a fundamental redesign.
A true fix would require monumental engineering changes. Biometric data would need to be stored in hardware‑isolated containers, such as TPMs, with attestation that ensures the database cannot be tampered with even by the local OS. Alternatively, every biometric sensor would need built‑in cryptographic binding to the device, akin to how Apple’s Secure Enclave processes Touch ID and Face ID data. Neither path is feasible as a software update. It would demand new hardware standards and render millions of existing PCs incompatible overnight.
The researchers told The Register that “it will be difficult to fix the problem,” noting that a patch would likely involve “extensive reprogramming of the code or an attempt to use the TPM module to store the biometric data.” That, they added, “may not be possible.” For the foreseeable future, the vulnerability stands as an accepted reality.
Actionable Steps for IT and Security Teams
Until Microsoft delivers a hardware‑backed solution, organizations cannot afford to wait. The research team’s foremost recommendation is aggressive: disable Windows Hello biometrics entirely on business devices. While this may feel like a step backward, it erases the direct attack surface demonstrated at Black Hat.
Instead, businesses can pivot to Hello’s PIN‑only mode. A PIN is bound to the device’s TPM and offers stronger local hardening than legacy passwords, even if it lacks the fingerprint or face factor. Combined with robust lockout policies, multi‑factor authentication (MFA), and conditional access rules, PIN‑based sign‑in can still deliver passwordless convenience without the biometric risk.
For organizations that must retain biometrics on some devices, conduct an immediate hardware audit:
- Inventory all endpoints that use Windows Hello facial or fingerprint login.
- Identify which models support ESS and have verified secure sensors. Check with OEMs for specific configurations.
- Disable biometrics on all devices that do not meet the ESS and secure‑hardware criteria.
- Reinforce endpoint detection and response (EDR) to limit the probability of admin‑level compromise.
- Educate users on the risks of leaving devices unattended and the importance of reporting lost or stolen hardware immediately.
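The audit steps above can be scripted per endpoint. The following PowerShell is an added example written for this article, not code from ERNW or Microsoft; it assumes an elevated session on a Windows 10/11 host, uses the documented Win32_DeviceGuard CIM class to see whether VBS (the prerequisite for ESS) is running, reports the state of the "Allow the use of biometrics" policy, and with -Disable sets that policy to off while leaving the TPM-bound Hello PIN available.

```powershell
# Added example: audit a host's Windows Hello biometric exposure and optionally
# disable face/fingerprint sign-in by policy. Assumes an elevated session.
#   .\Audit-HelloBiometrics.ps1            report only
#   .\Audit-HelloBiometrics.ps1 -Disable   also apply the policy (supports -WhatIf)
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Disable)

# Registry key behind GPO "Allow the use of biometrics"
# (Computer Configuration > Administrative Templates > Windows Components > Biometrics).
$BioPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'

function Get-VbsState {
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running.
    # ESS isolates the biometric stack in VTL1, so without VBS it cannot be active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [pscustomobject]@{
        VbsRunning      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        ServicesRunning = $dg.SecurityServicesRunning   # 1 = Credential Guard, 2 = HVCI
    }
}

function Get-BiometricPolicyState {
    # A missing value means "not configured", and Windows then allows biometrics.
    $v = (Get-ItemProperty -Path $BioPolicy -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $v) { 'NotConfigured (allowed)' } elseif ($v -eq 0) { 'Disabled' } else { 'Enabled' }
}

$vbs = Get-VbsState
[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    VbsRunning       = $vbs.VbsRunning
    BiometricService = (Get-Service -Name WbioSrvc -ErrorAction SilentlyContinue).Status
    BiometricPolicy  = Get-BiometricPolicyState
} | Format-List

# VBS off means ESS is certainly unavailable: the software-encrypted template
# database is the only protection, so this host belongs in the "disable" bucket.
# VBS on is necessary but not sufficient; ESS also needs an OEM-verified secure sensor.
if (-not $vbs.VbsRunning) {
    Write-Warning "VBS not running on $env:COMPUTERNAME: ESS cannot protect Hello templates; disable biometrics."
}

if ($Disable -and $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable Windows Hello biometrics by policy')) {
    New-Item -Path $BioPolicy -Force | Out-Null
    Set-ItemProperty -Path $BioPolicy -Name Enabled -Value 0 -Type DWord
    # Only face/fingerprint factors are blocked; the TPM-bound Hello PIN keeps working.
    Write-Output "Biometric sign-in disabled by policy on $env:COMPUTERNAME (applies after gpupdate or next sign-in)."
}
```

Run the report mode across the fleet first to build the inventory the audit calls for, then apply -Disable only to hosts that fail the VBS check or that the OEM cannot confirm as ESS-capable.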
For high‑security environments, consider external hardware tokens. Smart cards, FIDO2 keys, or biometric peripherals that process authentication outside the host OS provide a trust boundary that Windows Hello currently cannot guarantee.
A Larger Lesson: Biometric Trust Is Device Trust
The Windows Hello saga underscores a fundamental truth of modern authentication: biometrics do not exist in a vacuum. The security of a stored template, the integrity of the matching engine, and the binding between a face and a login session all depend on the trustworthiness of the device itself. When that device can be compromised by an administrator or malware, no biometric algorithm can salvage the outcome.
This is not a problem unique to Microsoft. Any operating system that stores biometric references in software‑encrypted database formats faces analogous risks if the local OS is breached. The industry’s gradual shift toward hardware‑backed biometric processing—Apple’s Secure Enclave, Google’s Titan M chip, and Microsoft’s own Pluton processor—recognizes that the only resilient model is one where biometric data never touches the host’s main memory or storage.
The current state of Windows Hello exposes a gap between marketing and reality. Microsoft’s consumer‑friendly narrative of “just look at your camera” obscured the need for compatible sensors, TPM‑based storage, and the ESS isolation layer. Many enterprises adopted the feature without realizing their hardware was silently ineligible for the safeguards that would have blocked this attack.
What Comes Next
Security researchers will continue to pressure Microsoft, but the company’s options are constrained. Future versions of Windows may mandate hardware‑protected biometric storage, but that would leave a long tail of legacy devices unprotected. In the meantime, enterprise architects must treat Windows Hello biometrics with the same skepticism they apply to any single‑factor authentication mechanism.
The Black Hat 2025 reveal is not the death knell for biometrics in the enterprise. It is, however, a reality check. Biometric systems can be powerful components of a defense‑in‑depth strategy, but only when they are grounded in unassailable hardware roots of trust. Until Windows Hello achieves that—and until every corporate laptop ships with the necessary components—disabling the feature remains the most honest security posture.
Organizations that act now, by auditing their fleets and adjusting authentication policies, will close a door that attackers were all too ready to walk through. Those that wait may find that the face unlocking their network no longer belongs to an employee.