Windows 11 security issue makes selling your PC a risk

Credit card and padlock standing on laptop computer.
(Image credit: cigdem / Shutterstock)

Both Windows 11 and Windows 10 are supposed to make it easy to reset your devices to securely remove all your files and settings, but now Microsoft has confirmed that there is an issue where certain files aren’t actually deleted.

This is a very concerning problem, as many people use the ‘Reset’ feature of Windows 11 and Windows 10 to completely wipe their data before selling or giving away their old devices. 

The process itself claims to remove all of your data, but if some remains, whoever gets your device in the future could potentially find and open left-over files, for example, which could include private or sensitive information. And, because the ‘Reset’ feature claims all your files are deleted, you could be putting yourself at risk without even knowing it.

Affected versions

It's an embarrassing situation for Microsoft, especially because it seems the issue is with OneDrive, Microsoft’s cloud storage service that the company asks you use when you sign in to Windows.

As Windows Central reports, the affected versions of Windows are:

  • Windows 11 21H2
  • Windows 10 21H2
  • Windows 10 21H1
  • Windows 10 20H2

According to Microsoft, “When attempting to reset a Windows device with apps which have folders with reparse data, such as OneDrive or OneDrive for Business, files which have been downloaded or synced locally from OneDrive might not be deleted when selecting the “Remove everything” option.”

This is certainly a concerning development for anyone thinking about selling or giving away an old laptop.

Analysis: There is a fix – but is it too late?

Ein Mann sitzt vor einem Laptop, welcher Sicherheitsrisiken anzeigt

(Image credit: © Artem #257128047)

The good news is that Microsoft has shared a workaround to stop this happening. To make sure all your files are wiped, sign out of OneDrive. If you can, also unlink OneDrive from the device. Then, go through the process of resetting your PC.

If you’ve already reset your PC, make a new account, log in and then open up the Settings app. Click ‘Storage’ then ‘Storage Sense’. Run Storage Sense to remove the Windows.old folder (which you can also find and manually delete through the File Explorer app). This will remove the last remnants of your files and folders.

While it’s good that there is a workaround, it’s a bit of a faff, and a process that’s easy to forget to do. Worst of all, as we mentioned earlier, the ‘Reset PC’ process still claims your files are deleted and it’s save to give away the PC.

For anyone who has given away a PC or laptop (or sold one) after using the ‘Reset’ option, then this workaround comes too late. Frustratingly, there were reports of this issue earlier this year, but Microsoft has only now confirmed its existence. This delay may have caused people to use the feature assuming all their files have been securely removed.

This workaround also comes too late for people who have already given away their PCs. If that’s the case, then you may still not need to worry too much, as what data might have been left on there is buried away in the Windows.old folder, which does eventually get replaced, so a user would have to know to look there.

Still, it’s worth changing any details such as passwords, if you kept them in a file on your OneDrive (which we recommend no one ever does anyway).

Microsoft is also working on a permanent fix for this issue, which the company says will be including in “an upcoming release.” Hopefully this comes sooner rather than later to ensure as few people as possible are affected by this issue.

Matt Hanson
Managing Editor, Core Tech

Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.