Microsoft puts WinRE Vulnerability back in the BitLocker.

Share This Post

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption on system storage devices. The vulnerability, identified in November 2022, is easily exploited by an attacker with physical access to a device. The newly released PowerShell script automates the updating of the WinRE images embedded in the System Restore utility to versions that are not vulnerable. If you are using Bitlocker with TPM+PIN then your device is not vulnerable. There are 2 versions of the script available so be sure to grab the version applicable to your Windows Version.

Deeper Reading:
https://www.bleepingcomputer.com/news/security/microsoft-shares-script-to-fix-winre-bitlocker-bypass-flaw/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099

Link to Microsoft for the Scripts and instructions for deployment:
https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589



Reach out to our incident response team for help

More To Explore

Information Security News – 8/25/2025

Staying One Step Ahead Article Link: https://www.fbi.gov/contact-us/field-offices/jacksonville/news/staying-one-step-ahead New USF Program Focused on AI and Cybersecurity Article Link: https://www.fox13news.com/news/new-usf-program-focused-ai-cyber-security Executives Warned About Celebrity Podcast Scams Article

Information Security News – 8/18/2025

DEF CON Research Takes Aim at ZTNA, Calls It a Bust Article Link: https://www.networkworld.com/article/4039042/def-con-research-takes-aim-at-ztna-calls-it-a-bust.html Personalization in Phishing: Advanced Tactics for Malware Article Link: https://cofense.com/blog/personalization-in-phishing-advanced-tactics-for-malware-delivery Gemini

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.