Microsoft has released a script that fixes a BitLocker bypass security vulnerability in the Windows WinRE recovery environment.
This is a PowerShell script (KB5025175) that secures the WinRE image against exploit attempts of flaw CVE-2022-41099. This vulnerability allows attackers to bypass BitLocker Device Encryption on system storage devices.
That is, successfully exploiting this vulnerability allows hackers to have physics πρόσβαση σε κρυπτογραφημένα δεδομένα. Σύμφωνα με τη Microsoft, η ευπάθεια δεν μπορεί να αξιοποιηθεί εάν ο user has enabled BitLocker TPM+PIN protection.
Microsoft recommends that you run the script in PowerShell with administrator credentials, on the affected devices. There are two scripts available and the one you should use depends on the version of Windows you are running.
- PatchWinREScript_2004plus.ps1, for systems running Windows 10 2004 and later (including Windows 11).
- PatchWinREScript_General.ps1 for Windows 10 1909 and in older versions.
How to use the WinRE patch script
The CVE-2022-41099 patch script can be run from PowerShell with administrative privileges.
The update package should match your operating system version and processor architecture and you can download it from the Microsoft Update Catalog .
Once started, the script will perform the following steps:
-
It will mount the existing WinRE image (WINRE.WIM).
-
It will update the WinRE image with the specified package Safe OS Dynamic Update (Compatibility Update) available from its Catalog Windows Update
-
It will unmount the WinRE image.
-
If the TPM BitLocker protector is present, it reconfigures the WinRE service for BitLocker.
You are not required to reboot your system to complete the WinRE image repair process.
