Severity
High
Analysis Summary
A new trick has been discovered that lets users bypass the Microsoft Account requirement in Windows 11. This comes as Microsoft has been making it harder to use local accounts in the operating system, pushing users to use a Microsoft Account for cloud-based features.
Previously, a script called 'BypassNRO.cmd' allowed users to bypass the requirement, but Microsoft removed it from preview builds of Windows 11. Although the script’s registry commands still worked, it became more complicated to use.
Over the weekend, a user named "Wither OrNot" shared an easier way to bypass the Microsoft Account requirement. During the Windows 11 installation process, when you reach the screen asking you to connect to a network, you can press Shift+F10 to open a command prompt. In the prompt, you type the command start ms-cxh:localonly and press Enter. This opens a window where you can create a local user account for the installation.
After filling out the details and clicking "Next," Windows 11 will proceed with the setup using the local account, and you won’t be prompted for a Microsoft Account. Once the installation is complete, you can confirm that you're using a local account by checking your account name in the Start menu. This method is simpler than the previous BypassNRO method and makes it easier to set up Windows 11 with a local account.
It is unclear whether Microsoft will remove this command in the future, but it seems more integrated into the system compared to the old script.
Impact
- Security Bypass
Remediation
- Use the start ms-cxh:localonly command during installation to create a local account.
- When the "Let's connect you to a network" screen appears, press Shift+F10 to open the command prompt.
- Type start ms-cxh:localonly in the command prompt and press Enter to open the local account creation window.
- Fill in the local account information and proceed with the installation without using a Microsoft Account.
- After installation, verify the use of a local account by checking your account name in the Start menu.
- Manually edit the Registry or use scripts like BypassNRO.cmd if the easier method is not available.
- Avoid connecting to the internet during setup to prevent automatic Microsoft Account prompts.
- If prompted for a Microsoft Account, repeatedly click “Skip” or “Offline Account” until the setup continues with a local account.
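The Start menu check in the steps above shows only a display name. As an added example (not part of the original advisory), the PowerShell audit below reads each account's PrincipalSource to tell a local account from one linked to a Microsoft Account and marks which accounts are administrators. It assumes Windows PowerShell 5.1 with the built-in LocalAccounts cmdlets, and the function name Get-AccountOrigin is hypothetical.

```powershell
# Added example: classify the accounts on an installed Windows system by
# where they authenticate. Get-AccountOrigin is a hypothetical helper name.

function Get-AccountOrigin {
    # Members of the built-in Administrators group, looked up by its
    # well-known SID so the check also works on non-English installs.
    $adminSids = @()
    try {
        $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            ForEach-Object { $_.SID.Value })
    } catch {
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    }

    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            Enabled         = $_.Enabled
            # For SAM accounts this is Local or MicrosoftAccount
            PrincipalSource = $_.PrincipalSource
            IsAdministrator = $adminSids -contains $_.SID.Value
            LastLogon       = $_.LastLogon
        }
    }
}

# Full inventory, grouped by account origin.
Get-AccountOrigin | Sort-Object PrincipalSource, Name | Format-Table -AutoSize

# The account that owns this session, matched by SID rather than display name.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$current = Get-LocalUser | Where-Object { $_.SID.Value -eq $me }
if ($current) {
    "Current session: {0} (source: {1})" -f $current.Name, $current.PrincipalSource
} else {
    "Current session is not a local SAM account (domain or Entra ID sign-in)."
}
```

An enabled administrator whose PrincipalSource is Local on a machine that policy expects to be tied to a managed identity is the case to review.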