Microsoft puts WinRE Vulnerability back in the BitLocker.

Share This Post

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption on system storage devices. The vulnerability, identified in November 2022, is easily exploited by an attacker with physical access to a device. The newly released PowerShell script automates the updating of the WinRE images embedded in the System Restore utility to versions that are not vulnerable. If you are using Bitlocker with TPM+PIN then your device is not vulnerable. There are 2 versions of the script available so be sure to grab the version applicable to your Windows Version.

Deeper Reading:
https://www.bleepingcomputer.com/news/security/microsoft-shares-script-to-fix-winre-bitlocker-bypass-flaw/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099

Link to Microsoft for the Scripts and instructions for deployment:
https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589



Reach out to our incident response team for help

More To Explore

Information Security News – 10/6/2025

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks Article Link: https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html Nursery Hackers Threaten to Publish More Children’s Profiles Online

Information Security News – 9/29/2025

US Secret Service Dismantled Covert Communications Network Near the U.N. in New York Article Link: https://securityaffairs.com/182499/intelligence/us-secret-service-dismantled-covert-communications-network-near-the-u-n-in-new-york.html Inc Ransomware Group Claims 5.7 TB Theft from Pennsylvania

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.