Η Microsoft κυκλοφόρησε ένα script που διορθώνει μια ευπάθεια ασφαλείας παράκαμψης του BitLocker στο περιβάλλον αποκατάστασης των Windows WinRE.
This is a PowerShell script (KB5025175) that secures the WinRE image against exploit attempts of flaw CVE-2022-41099. This vulnerability allows attackers to bypass BitLocker Device Encryption on system storage devices.
That is, successful exploitation of this vulnerability allows hackers to gain physical access to encrypted data. According to Microsoft, the vulnerability cannot be exploited if the user has enabled BitLocker TPM+PIN protection.
Microsoft recommends that you run the script in PowerShell with administrator credentials, on the affected devices. There are two scripts available and the one you should use depends on the version of Windows you are running.
- PatchWinREScript_2004plus.ps1, for systems running Windows 10 2004 and later (including Windows 11).
- PatchWinREScript_General.ps1 for Windows 10 1909 and earlier versions.
How to use the WinRE patch script
The CVE-2022-41099 patch script can be run from PowerShell with administrative privileges.
The update package should match your operating system version and processor architecture and you can download it from the Microsoft Update Catalog .
Once started, the script will perform the following steps:
It will mount the existing WinRE image (WINRE.WIM).
It will update the WinRE image with the specified package Safe OS Dynamic Update (Compatibility Update) available from the Windows Update Catalog
It will unmount the WinRE image.
If the TPM BitLocker protector is present, it reconfigures the WinRE service for BitLocker.
You are not required to reboot your system to complete the WinRE image repair process.