Easier Patching of Bitlocker Bypass Flaw on Windows by Microsoft
Microsoft has published a Powershell script to help IT teams fix a BitLocker bypass security flaw found in the Windows Recovery Environment (WinRE), simplifying the process of securing WinRE images. Per BleepingComputer (opens in new tab), the flaw, tracked as CVE-2022-41099, allows threat actors to bypass the BitLocker Device Encryption feature, and gain access to encrypted data (opens in new tab) in low-complexity attacks. The caveat is that the attackers need to have physical access to the target endpoints. Furthermore, if the user enabled BitLocker TPM and has PIN protection, the vulnerability cannot be exploited. That’s why the flaw has a severity score of 4.6 – medium.
Two available versions
“The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices,” Microsoft said. “Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available—which script you should use depends on the version of Windows you are running.”One script is for systems running on Windows 10 2004 and later (Windows 11 included), while the other is for Windows 10 1909 and earlier (it will still run on all Windows 10 and Windows 11 systems, the company added).The vulnerability was first discovered in November 2022. Back then, Microsoft added a fix to the November Patch Tuesday cumulative update, listing it as an “important” update, but not “critical”.When running the script in Powershell, admins can choose a path and a name for the Safe OS Dynamic update package. The packages are unique to the version of the OS being patched, as well as to the chip architecture. Therefore, IT teams need to download the right one from the Microsoft Update Catalog in advance.
Microsoft just made it easier to patch this Bitlocker bypass flaw on Windows
Microsoft has recently made it easier to patch the Bitlocker bypass flaw on Windows which had been causing problems for users. The flaw was allowing hackers to gain access to the Bitlocker-encrypted hard drive by using a memory dump attack. However, with the new update from Microsoft, this flaw can be easily patched.
What is the Bitlocker bypass vulnerability?
The Bitlocker bypass vulnerability is a flaw in the Bitlocker encryption program that allows attackers to access the data on an encrypted hard drive by using a memory dump attack. This means that attackers can extract the encryption key from memory and then use this key to decrypt the hard drive data.
How did Microsoft patch the vulnerability?
Microsoft has released a new update that patches the Bitlocker bypass vulnerability. The update ensures that the encryption key is removed from memory once the user has logged in, making it more difficult for attackers to access the key and subsequently the encrypted data.
Do I need to update my Windows software?
Yes, it is recommended that all Windows users update their software to ensure that they are protected against the Bitlocker bypass vulnerability. The update can be downloaded from the Microsoft website or through the automatic update system on your device.
Will this update affect my device’s performance?
No, the update should not affect the performance of your device. However, it is always recommended to back up your important data before installing any updates, just in case there are any unforeseen issues.
In conclusion, the Bitlocker bypass vulnerability has been a serious concern for many Windows users, but Microsoft has now provided a solution with its latest update. It is important for all Windows users to ensure that they have installed the update to protect their devices and data from potential attacks.