Microsoft pushes out PowerShell scripts to fix BitLocker bypass

Microsoft has fixed a vulnerability in the Windows Recovery Environment (WinRE) for Windows 10 and 11 systems that could allow access to encrypted data in storage devices.

Redmond engineers created a sample PowerShell script that lets enterprises automatically update WinRE images to protect Windows devices from a BitLocker security bypass vulnerability tracked as CVE-2022-41099.

There are two versions of the script (KB5025175), which should be run with administrator credentials in PowerShell, the company writes. The more robust version - PatchWinREScript_2004plus.ps1 - is for devices running Windows 10 2004 and later, including Windows 11. The other - PatchWinREScript_General.ps1 - is aimed at those with Windows 10 v1909 and earlier.

Microsoft released an advisory about the vulnerability in November 2022 and updated the notice in February.

It's not easy for attackers to exploit the flaw, according to Microsoft. If the device is protected by the BitLocker TPM+PIN, the crooks would need to know the TPM PIN to get into the system. The TPM+PIN multi-factor authentication (MFA) mode uses the device's TPM (Trusted Platform Module) security hardware and a PIN to authenticate users. In this mode, users must enter the PIN in the Windows pre-boot environment whenever the computer starts.

"The TPM is a hardware component installed in many newer computers by the computer manufacturers," Microsoft writes in a February document. "It works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system was offline."

However, if an attacker does get into the system, they can cause some damage.

"A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device," the company writes. "An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data."

The flaw can only be exploited on systems with the winre.wim on the recovery partition.

The scripts enable organizations to determine the name of the OS Dynamic update package used to update the WinRE image. The OS Dynamic update package, which is available from the Windows Update Catalog, is OS version- and architecture-specific, so choosing the right one is important.

The package should be downloaded before the script is used. Once the script is run, if the BitLocker TPM protector is present, it will reconfigure the WinRE for BitLocker service.
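The conditions described above (a registered WinRE image, BitLocker protecting the OS volume, and whether a TPM-only or TPM+PIN protector is in use) can be inventoried before rollout. The following is an added example, not Microsoft's KB5025175 script: the function name and output property names are made up for illustration, it assumes English-language `reagentc` output, and it does not tell you whether the WinRE image has already been updated.

```powershell
#Requires -RunAsAdministrator
# Added triage example for CVE-2022-41099 (not Microsoft's KB5025175 script).
# Assumptions: English 'reagentc /info' output; function and property names
# below are hypothetical and exist only in this example.

function Get-WinREBitLockerTriage {
    # WinRE state and image location as registered with the OS.
    $info = (reagentc.exe /info) -join "`n"
    $status = if ($info -match 'Windows RE status:[ \t]*(\S+)') { $Matches[1] } else { 'Unknown' }
    # [ \t]* keeps the match on one line: the location is blank when WinRE is disabled.
    $location = if ($info -match 'Windows RE location:[ \t]*(\S*)') { $Matches[1] } else { '' }

    # BitLocker state and key protectors on the OS volume.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # TPM-only unlocks without user input; TPM+PIN needs the PIN at pre-boot.
    $tpmOnly = $types -contains 'Tpm'
    $pinAtBoot = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        WinREStatus         = $status
        WinRELocation       = $location
        BitLockerProtection = $vol.ProtectionStatus
        KeyProtectors       = $types -join ','
        TpmOnlyProtector    = $tpmOnly
        PinRequiredAtBoot   = $pinAtBoot
        # Flag for follow-up: WinRE image registered and BitLocker protecting the OS volume.
        # This is a triage flag only; it does not inspect the WinRE image version.
        ReviewWinREUpdate   = [bool](($status -eq 'Enabled') -and $location -and
                                     ($vol.ProtectionStatus -eq 'On'))
    }
}

Get-WinREBitLockerTriage | Format-List
```

Devices where `ReviewWinREUpdate` is true and `TpmOnlyProtector` is true are the ones to prioritize, since the TPM+PIN mode additionally requires knowledge of the PIN.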

BitLocker is a key tool used by Microsoft to keep data protected.

"BitLocker helps mitigate unauthorized data access by enhancing file and system protections," the company adds. "BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled."
