Skip to content

Search the site

Microsoft Bug Bash mishap lets Insider users enable hidden Windows 11 features

Microsoft unintentionally gifted Insiders a way to turn on all of Windows 11's hidden features thanks to a bit of carelessness during a recent testing campaign

Microsoft has untintentionally gifted its Insider testers a handful of new features after an internal tool for Windows 11 leaked.

Known as StagingTool, the development app is apparently intended to serve as a way for Microsoft to selectively enable specific features in Windows 11.

Normally, the tool would be something Microsoft would want to keep hidden from users, as it allows the vendor to perform A/B tests of new features and components with its volunteer testers.

During one of the recent Bug Bash events- tests in which Microsoft asks Insiders to hammer on specific features in order to suss out potential bugs- user XenoPanther noted a particularly interesting piece of software on their machine.

Upon further investigation, this tool was in fact found to be StagingTool, a configuration manager that would potentially allow the user to not only view a full list of the hidden features currently being enabled or disabled, but also turn them on or off.

XenoPanther would later go on to report that both the Bug Bash and the StagingTool link had been taken offline, so anyone hoping to grab a copy of the tool for themselves has sadly missed their window.

While the incident will no doubt lead to some red faces amongst Microsoft's developer ranks, it is hardly a disaster for the company, or a revelation for users. Those wanting to enable their hidden Insider build features have long been able to do so via the third-party ViVeTool app.

Still, it is a good reminder to vendors and independent developers alike to keep a close eye on what you release during testing. Even test builds with a small group of users can end up resulting in the leak of unintended data.

While in this case the exposure was relatively minor for Microsoft, technically it still counts as a data leak. There was the potential for something far more valuable, or damaging, to have been exposed to users who might not have been so charitable.