Microsoft fixes BitLocker bypass flaw in WinRE environment

Microsoft has released a script that fixes a BitLocker bypass security vulnerability in the Windows WinRE recovery environment.

WinRE, Microsoft, Windows, Bitlocker

This is a PowerShell script (KB5025175) that secures the WinRE image against exploit attempts of flaw CVE-2022-41099. This vulnerability allows attackers to bypass BitLocker Device Encryption on system storage devices.

That is, successful exploitation of this vulnerability allows hackers to gain physical access to encrypted data. According to Microsoft, the vulnerability cannot be exploited if the user has enabled BitLocker TPM+PIN protection.

Microsoft recommends that you run the script in PowerShell with administrator credentials, on the affected devices. There are two scripts available and the one you should use depends on the version of Windows you are running.

  • PatchWinREScript_2004plus.ps1, for systems running Windows 10 2004 and later (including Windows 11).
  • PatchWinREScript_General.ps1 for Windows 10 1909 and earlier versions.

How to use the WinRE patch script
The CVE-2022-41099 patch script can be run from PowerShell with administrative privileges.

The update package should match your operating system version and processor architecture and you can download it from the Microsoft Update Catalog .

Once started, the script will perform the following steps:

  • It will mount the existing WinRE image (WINRE.WIM).

  • It will update the WinRE image with the specified package Safe OS Dynamic Update (Compatibility Update) available from the Windows Update Catalog

  • It will unmount the WinRE image.

  • If the TPM BitLocker protector is present, it reconfigures the WinRE service for BitLocker.

You are not required to reboot your system to complete the WinRE image repair process.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.097 registrants.
WinRE, Microsoft, Windows, Bitlocker

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).