Project Hyphae

Microsoft puts WinRE Vulnerability back in the BitLocker.

Share This Post

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption on system storage devices. The vulnerability, identified in November 2022, is easily exploited by an attacker with physical access to a device. The newly released PowerShell script automates the updating of the WinRE images embedded in the System Restore utility to versions that are not vulnerable. If you are using Bitlocker with TPM+PIN then your device is not vulnerable. There are 2 versions of the script available so be sure to grab the version applicable to your Windows Version.

Deeper Reading:

Link to Microsoft for the Scripts and instructions for deployment:

Reach out to our incident response team for help

More To Explore

Information Security News 9-18-2023

Iranian Cyberspies Target Thousands of Organizations with Password Spray Attacks Article Link: Requests via Facebook Messenger Lead to Hijacked Business Accounts Article Link:

Information Security News 9-11-2023

University of Michigan Requires Password Resets After Cyberattack Article Link: Attackers Accessed UK Military Data Through High-Security Fencing Firm’s Windows 7 Rig Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.