Microsoft releases PowerShell script to address Windows Bitlocker vulnerability

Topic

New Reply

[Alex5723]

https://www.ghacks.net/2023/03/17/microsoft-releases-powershell-script-to-address-windows-bitlocker-vulnerability/

Microsoft has released a PowerShell script for Windows 10 and 11 devices to address a BitLocker security feature bypass vulnerability.

Microsoft confirmed the issue on November 8, 2022. It is tracked as CVE-2022-41099. Successful exploitation of the issue allows attackers to bypass BitLocker Device Encryption protections on the system storage device, according to Microsoft’s description. Physical access to the device is required to exploit the vulnerability and access the encrypted data.

Microsoft released a security update for the issue, but system administrators had to install it to the Windows Recovery Environment manually up until now…

KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099

• This topic was modified 1 week, 4 days ago by Alex5723.

1 user thanked author for this post.

b

Reply | Quote

Replies

Enough businesses complained.

Susan Bradley Patch Lady

Reply | Quote

I have Bitlocker disabled in services.  No one has physical access to my machines, and in my view there is simply no need to add a layer of complexity to my file system.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

We all have our own reasons for doing the things that we do. We don't all have to do the same things.

Computer Specs

Reply | Quote

I assume that KB5025175 won’t be offered as part of the March updates?

 

regards

 

GeoffB

Reply | Quote