Microsoft puts WinRE Vulnerability back in the BitLocker.

Share This Post

Microsoft released a PowerShell script (KB5025175) for CVE-2022-41099 that allows an attacker to utilize WinRE images to bypass BitLocker device encryption on system storage devices. The vulnerability, identified in November 2022, is easily exploited by an attacker with physical access to a device. The newly released PowerShell script automates the updating of the WinRE images embedded in the System Restore utility to versions that are not vulnerable. If you are using Bitlocker with TPM+PIN then your device is not vulnerable. There are 2 versions of the script available so be sure to grab the version applicable to your Windows Version.

Deeper Reading:
https://www.bleepingcomputer.com/news/security/microsoft-shares-script-to-fix-winre-bitlocker-bypass-flaw/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099

Link to Microsoft for the Scripts and instructions for deployment:
https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589



Reach out to our incident response team for help

More To Explore

Information Security News 9-30-2024

NIST Drops Password Complexity, Mandatory Reset Rules Article Link: https://www.darkreading.com/identity-access-management-security/nist-drops-password-complexity-mandatory-reset-rules Hacker Plants False Memories in ChatGPT to Steal User Data in Perpetuity Article Link: https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.