Microsoft shares script to fix WinRE BitLocker bypass flaw


In order to make patching a BitLocker bypass security flaw in the Windows Recovery Environment easier, Microsoft has developed a script (WinRE). The CVE-2022-41099 vulnerability allows attackers to get around the BitLocker Device Encryption feature on system storage devices. This PowerShell script (KB5025175) makes it easier to secure WinRE images against efforts to exploit it.

Threat actors with physical access can use this to their advantage and launch straightforward assaults to obtain encrypted data. When BitLocker TPM+PIN protection is turned on, the vulnerability, according to Microsoft, cannot be exploited.

Read More…