Microsoft publishes PowerShell script to fix BitLocker bypass

Microsoft fixed vulnerabilities in Windows Recovery Environment (WinRE) on Windows 10 and 11 systems. This vulnerability could allow access to encrypted data on the storage device.

Engineers at Redmond have created a sample PowerShell script that allows enterprises to automatically update their WinRE images to protect their Windows devices from being tracked as being vulnerable to BitLocker security bypass. CVE-2022-41099.

There are two versions of the script (KB5025175) must be run with administrator credentials in PowerShell, the company writes. A more robust version – PatchWinREScript_2004plus.ps1 – is for devices running Windows 10 2004 and later, including Windows 11.

Microsoft released an advisory for the vulnerability in November 2022 and updated the notice in February.

According to Microsoft, it would be difficult for an attacker to exploit this vulnerability. If the device is protected by her BitLocker TPM+PIN, an attacker would need to know her TPM PIN to break into the system. TPM + PIN Multi-Factor Authentication (MFA) mode uses her TPM (Trusted Platform Module) security hardware on the device and her PIN to authenticate the user. In this mode, the user must enter her PIN in her Windows preboot environment each time the computer starts.

“The TPM is a hardware component installed in many new computers by computer manufacturers,” Microsoft writes. document in February. “Work with BitLocker to protect user data and prevent computer tampering when the system is offline.”

However, if an attacker breaks into your system, they can do some damage.

“A successful attacker could bypass the BitLocker device encryption functionality of system storage devices,” the company wrote. “An attacker with physical access to the target could exploit this vulnerability to access encrypted data.”

This flaw can only be exploited on systems with winre.wim on the recovery partition.

The script allows organizations to identify the name of the OS dynamic update package used to update the WinRE image. OS dynamic update packages available from. Windows Update Catalogis specific to the OS version and architecture, so it’s important to choose the correct one.

Before using the script, you need to download the package. When the script runs, it will reconfigure WinRE for BitLocker services if a BitLocker TPM protector is present.

BitLocker is an important tool Microsoft uses to protect your data.

“BitLocker helps mitigate unauthorized data access by providing additional file and system protection,” the company added. “BitLocker also helps ensure that data is inaccessible when BitLocker-protected computers are retired or recycled.” ®

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button