Project Hyphae

Microsoft puts WinRE Vulnerability back in the BitLocker.

Share This Post

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption on system storage devices. The vulnerability, identified in November 2022, is easily exploited by an attacker with physical access to a device. The newly released PowerShell script automates the updating of the WinRE images embedded in the System Restore utility to versions that are not vulnerable. If you are using Bitlocker with TPM+PIN then your device is not vulnerable. There are 2 versions of the script available so be sure to grab the version applicable to your Windows Version.

Deeper Reading:

Link to Microsoft for the Scripts and instructions for deployment:

Reach out to our incident response team for help

More To Explore

Information Security News 6-10-2024

Frontier Warns 750,000 of a Data Breach After Extortion Threats Article Link: ‘Fog’ Ransomware Rolls in to Target Education, Recreation Sectors Article Link:

Information Security News 6-3-2024

Snowflake Data Breach Impacts Ticketmaster, Other Organizations Article Link: 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx Article Link: LastPass

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.