Two German researchers standing on the Black Hat stage just demonstrated how an attacker with local admin rights can swap their own facial biometrics into a stolen laptop’s Windows Hello database—and unlock it instantly. The technique, dubbed “Windows Hell No,” exploits architectural weaknesses in how Windows stores biometric templates outside the protection of hardware-isolated security. Microsoft’s Enhanced Sign-in Security (ESS) stops the attack cold, but the catch is that many enterprise PCs still lack the required hardware to enable it.
The live demo, performed by Tillmann Osswald and Dr. Baptiste David of ERNW Enno Rey Netzwerke, showed how a malicious insider—or malware running with elevated privileges—can inject a foreign facial scan into the Windows Biometric Service (WBS) database. David logged into a test machine using his own face. Moments later, Osswald ran a few lines of code and, exploiting the breached database, unlocked David’s machine with his own face. The entire bypass took seconds. “ESS is very effective at blocking this attack, but not everyone can use it,” Osswald told The Register.
The research, funded by Germany’s Federal Office for IT Security under the “Windows Dissect” program, underscores a painful truth: Microsoft’s push toward a passwordless future has made biometric authentication the new battleground. Windows Hello for Business is now the default for many corporate logins, and starting May 1, 2025, Microsoft began steering users toward passkeys and biometrics with passwordless-by-default accounts. That shift reduces phishing risks dramatically, but as the Black Hat researchers proved, it also places a target squarely on the local biometric pipeline.
The Attack: Injecting a Stranger’s Face
At its core, Windows Hello for Business works by generating a device-bound asymmetric key pair during enrollment. The public key is registered with an identity provider like Microsoft Entra ID, while the private key is locked away—protected by whatever security hardware the device offers. The biometric templates (facial scans or fingerprints) that unlock that key are stored locally in an encrypted database managed by the Windows Biometric Service (WBS).
The database is encrypted using CryptProtectData, a Windows API that ties decryption to the user’s logon credentials. In theory, only the legitimate user can unlock it. In practice, Osswald and David found that a local administrator—either a rogue insider or an attacker who has escalated privileges through malware—can bypass those protections by extracting key material that is already present on the system. Once inside, the attacker can replace the victim’s biometric templates with their own. Windows Hello then happily authenticates the attacker’s face, just as if the legitimate user had sat down.
This is not a simple software bug that can be patched with an update. “A significant rewrite” would be needed to fundamentally alter the unprotected database architecture on non-ESS systems, the researchers said. Attempting to store the biometric data directly in the TPM might not be feasible given storage constraints and the nature of the data. Until ESS becomes universal, the local template store remains a soft target for anyone who gains admin.
Why Enhanced Sign-in Security Matters
Microsoft introduced Enhanced Sign-in Security (ESS) as a hardware-rooted countermeasure against exactly this class of attack. ESS isolates the entire Windows Hello biometric processing path inside Virtualization-based Security (VBS), a hypervisor-protected environment that runs at a higher trust level (VTL1) than the normal Windows kernel. In this secured envelope, the biometric templates and the private key are guarded by the Trusted Platform Module (TPM 2.0), making template injection, replay, and tampering effectively impossible.
On an ESS-enabled device, only “secure” biometric sensors that can cryptographically prove their identity to Windows are allowed to participate. For facial recognition, that means an ESS-certified camera; for fingerprints, a match-on-sensor reader that performs template matching within the sensor itself, never exposing raw data to the host. The TPM authorizes every use of the private key, so even if an attacker compromises the OS, they can’t just copy the key or swap templates.
The researchers confirmed that ESS blocks their attack entirely. The problem? It’s a hardware-enforced shield, and hardware moves slowly.
The Compatibility Chasm
ESS demands a very specific hardware and firmware stack: TPM 2.0, Secure Boot, VBS, OEM-configured Secure Devices (SDEV) tables, and ESS-compatible cameras or fingerprint readers. Copilot+ PCs ship with ESS enabled by default, and many newer enterprise laptops from Lenovo, Dell, and HP now include the requisite components. But the global corporate fleet is a patchwork of devices purchased over the past five years—and a shocking number of them fail the ESS test.
Osswald and David bought ThinkPads “around one and a half years ago” for their research. The machines used AMD chips and lacked the secure camera sensor needed for ESS. “Sadly they do not have a secure sensor for the camera because they use AMD chips and not Intel’s,” Osswald noted. That detail highlights a critical nuance: ESS readiness isn’t simply a matter of having a recent CPU. It depends on the specific camera module and firmware integration, which many OEMs omitted from AMD-based designs until very recently.
External biometric peripherals add another wrinkle. Today, ESS blocks any external (USB) camera or fingerprint reader from being used for Windows sign-in. Microsoft exposes a user-facing toggle—“Sign in with an external camera or fingerprint reader”—that temporarily disables ESS to accommodate third-party gear. The explicit trade-off is reduced security, a concession that many organizations accept out of necessity. Full ESS support for external peripherals is on the roadmap, but not expected until late 2025.
Checking Your PC’s ESS Status
Determining whether a device has ESS engaged is straightforward:
- Open Settings > Accounts > Sign-in options.
- Under “Additional settings,” locate “Sign in with an external camera or fingerprint reader.”
- If the toggle is Off, ESS is enabled and external biometric sign-in is blocked.
- If the toggle is On, ESS is disabled.
If the toggle is missing entirely, the device likely doesn’t meet the hardware prerequisites, or an IT policy has restricted the option. For enterprise admins, Microsoft’s documentation provides deeper guidance on verifying SDEV tables and sensor attestation.
Immediate Steps for Windows Administrators
The Black Hat demo isn’t a theoretical scare. It’s a practical attack that can be woven into real-world intrusion chains. With admin access already a requisite step in many ransomware and APT playbooks, the ability to then unlock biometric-protected machines and move laterally is a potent escalation. Here’s how to respond.
Immediate Risk Reduction (Non-ESS Devices)
- Disable Windows Hello biometrics on business machines that lack ESS. Revert to PIN-only sign-in—the researchers explicitly recommend this posture for Windows Hello for Business without ESS.
- Minimize local admin exposure. Use just-in-time elevation via Windows LAPS or PIM/PAM solutions. Monitor for any tooling that touches biometric stores, such as unusual access to the Ngc folder or WBS registry keys.
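As an added example (not code from the article or from the ERNW researchers), the ESS prerequisite check from the section above and the PIN-only fallback recommended for non-ESS machines, in PowerShell. It assumes an elevated session on a managed Windows 11 client; the two registry values it writes are the documented Group Policy equivalents of “Allow the use of biometrics” and Windows Hello for Business “Use biometrics”, and the function names are my own.

```powershell
# Added example, not code from the article or from ERNW. Read-only check of the
# ESS baseline the article lists (TPM 2.0, Secure Boot, VBS). SDEV tables and
# sensor certification are OEM facts this script cannot verify. Run elevated.
function Get-EssPrerequisiteReport {
    # Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38"; first field is the spec level.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmSpec = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }
    # Confirm-SecureBootUEFI throws on legacy BIOS boot; treat that as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI) } catch { $false }
    # Win32_DeviceGuard.VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $vbsRunning = ($null -ne $dg) -and ($dg.VirtualizationBasedSecurityStatus -eq 2)
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Tpm20        = ($tpmSpec -eq '2.0')
        SecureBoot   = $secureBoot
        VbsRunning   = $vbsRunning
        SdevTable    = 'manual: confirm in OEM firmware release notes'
        SecureSensor = 'manual: ESS-certified camera or match-on-sensor reader'
        BaselineMet  = ($tpmSpec -eq '2.0') -and $secureBoot -and $vbsRunning
    }
}

# The researchers' non-ESS posture (PIN only) via the documented policy values
# "Allow the use of biometrics" (Biometrics\Enabled = 0) and Windows Hello for
# Business "Use biometrics" (PassportForWork\Biometrics\UseBiometrics = 0).
# PIN sign-in is unaffected; -WhatIf previews the change without writing it.
function Disable-WindowsHelloBiometrics {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $policies = @(
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Biometrics'; Name = 'Enabled' }
        @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork\Biometrics'; Name = 'UseBiometrics' }
    )
    foreach ($p in $policies) {
        if ($PSCmdlet.ShouldProcess("$($p.Path)\$($p.Name)", 'Set DWORD to 0')) {
            New-Item -Path $p.Path -Force | Out-Null
            Set-ItemProperty -Path $p.Path -Name $p.Name -Value 0 -Type DWord
        }
    }
}

$report = Get-EssPrerequisiteReport
$report | Format-List
# Baseline alone does not prove ESS (sensor and SDEV are manual checks), so the
# PIN-only fallback is a deliberate admin decision; preview it with -WhatIf.
if (-not $report.BaselineMet) { Disable-WindowsHelloBiometrics -WhatIf }
```

A device that passes the baseline can still lack ESS if its camera or fingerprint reader is not certified, so the Settings toggle described above remains the authoritative per-device check.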
Medium-Term Hardening
- Prioritize ESS-capable hardware in your next refresh cycle. Mandate TPM 2.0, Secure Boot, and ESS-certified cameras or match-on-sensor fingerprint readers. Verify OEM support for SDEV tables and ESS in firmware release notes before procurement.
- Standardize on Copilot+ PCs where feasible—these ship with ESS enabled by default and are designed for the hardened Windows Hello path.
- Avoid external biometric peripherals for sign-in on ESS devices until Microsoft’s late-2025 support lands. If peripherals are unavoidable on non-ESS systems, document the security trade-off and treat those devices as higher risk.
Policy and Identity Hygiene
- Keep pushing passwordless, but pair it with strong endpoint isolation. Windows Hello for Business still anchors authentication to asymmetric keys registered with Entra ID—the assertion is robust when the local biometric path is protected.
- For high-risk roles and admin accounts on non-ESS machines, deploy FIDO2 security keys as a phishing-resistant alternative to biometrics. Keys store credentials in a separate hardware token, sidestepping the local template attack entirely.
A Pattern of Biometric Bypasses
This isn’t the first time Windows Hello’s face authentication has come under scrutiny. In 2021, CyberArk demonstrated a camera-spoofing attack: by manipulating a USB webcam to feed crafted infrared frames, an attacker could trick Hello into thinking it sees the legitimate user. Microsoft responded with patches and guidance, and later introduced ESS to harden the entire flow from sensor to key release. The new work targets the database layer rather than the camera, underscoring why device-level isolation is the only durable defense. As long as biometric data sits in a mutable database accessible to the OS, admin-level attackers will find a way in.
What This Means for the Passwordless Future
The “face swap” attack is a wake-up call, not a death sentence for Windows Hello. Microsoft’s passwordless-by-default initiative remains a net positive for security—phishing resistance, credential theft reduction, and simpler user experience are genuine wins. But those wins evaporate if the endpoint isn’t hardened. The research makes clear that authentication pipelines must have strong attestation and isolation at every hop: from the sensor, through the biometric matcher, to the key store.
Organizations can no longer treat Windows Hello as a simple checkbox during device enrollment. Hardware choices now carry direct security implications. The gap between what ESS protects and what older hardware allows is wide enough to drive a truck full of stolen credentials through. Until ESS becomes ubiquitous, the advice from the researchers is blunt: turn off biometrics where ESS isn’t available. For enterprises with mixed fleets, that means a phased approach—immediate configuration changes on vulnerable devices, aggressive procurement of ESS-ready hardware, and continued investment in endpoint detection and response to catch the admin escalation that precedes any biometric tampering.
Two years ago, a similar Black Hat demo might have triggered panic. Today, the industry response can be more measured: there is a clear technical fix (ESS), a migration path (hardware refresh), and temporary mitigations (PIN/FIDO2) that preserve productivity without sacrificing security. The question is whether IT leaders will act before attackers start including template injection in their toolkits—or whether they’ll wait for the next headline to provide the motivation.