Microsoft issues PowerShell scripts to fix BitLocker bypass • The Register

Microsoft has fixed a vulnerability in the Windows Recovery Environment (WinRE) for Windows 10 and 11 systems that could allow access to encrypted data in storage devices.
Redmond engineers created a sample PowerShell script to enable enterprises to automatically update WinRE images to protect the Windows devices from a BitLocker security bypass vulnerability tracked as CVE-2022-41099.
There are two versions of the script (KB5025175), which should be run with administrator credentials in PowerShell, the company writes. The more robust version – PatchWinREScript_2004plus.ps1 – is for devices running Windows 10 2004 and later, including Windows 11. The other – PatchWinREScript_General.ps1 – is aimed at those with Windows 10 v1909 and earlier.

Microsoft released an advisory about the vulnerability in November 2022 and updated the notice in February.

It isn’t easy for attackers to exploit the flaw, according to Microsoft. If the system is protected by the BitLocker TPM+PIN, the crooks would need to know the TPM PIN to get into the system. The TPM+PIN multi-factor authentication (MFA) mode uses the system’s TPM (Trusted Platform Module) security hardware and a PIN to authenticate users. In this mode, users must enter the PIN in the Windows pre-boot environment each time the computer starts.
“The TPM is a hardware component installed in many newer computers by the computer manufacturers,” Microsoft writes in a document in February. “It works with BitLocker to help protect user data and to ensure that a computer hasn’t been tampered with while the system was offline.”

However, if an attacker does get into the system, they can cause some damage.
“A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device,” the company writes. “An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.”
The flaw can only be exploited on systems with the winre.wim on the recovery partition.
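
As an added example (not from the article and not Microsoft's KB5025175 script), this PowerShell inventory check reports the two conditions described above: whether WinRE is enabled with an image location, and whether the OS volume's BitLocker protectors include a pre-boot PIN. It assumes English-language `reagentc /info` output; the function names and the sample text are constructed for illustration.

```powershell
# Added example, not Microsoft's KB5025175 script. Function names are hypothetical.

# Parse `reagentc /info` text (English-language output assumed).
function ConvertFrom-ReagentcInfo {
    param([string[]]$Lines)
    $state = [ordered]@{ Enabled = $false; Location = $null }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Windows RE status:\s*(\S+)') {
            $state.Enabled = ($Matches[1] -eq 'Enabled')
        } elseif ($line -match '^\s*Windows RE location:\s*(\S.*)$') {
            $state.Location = $Matches[1].Trim()   # stays $null when WinRE is disabled
        }
    }
    [pscustomobject]$state
}

# Combine WinRE state with the OS volume's BitLocker key protectors.
function Get-WinREBitLockerReport {
    $winre = ConvertFrom-ReagentcInfo -Lines (reagentc.exe /info)
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WinREEnabled     = $winre.Enabled
        WinRELocation    = $winre.Location
        ProtectionStatus = $vol.ProtectionStatus.ToString()
        KeyProtectors    = $types -join ','
        # TPM+PIN modes require the PIN in the pre-boot environment.
        PreBootPin       = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        # Assumption: treat "WinRE enabled + BitLocker on" as needing the WinRE update reviewed.
        ReviewWinREPatch = $winre.Enabled -and ($vol.ProtectionStatus.ToString() -eq 'On')
    }
}

# Constructed sample of `reagentc /info` output, to exercise the parser offline.
$sample = @'
Windows Recovery Environment (Windows RE) and system reset configuration
Information:

    Windows RE status:         Enabled
    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
'@ -split '\r?\n'
ConvertFrom-ReagentcInfo -Lines $sample | Format-List

# On a real device, from an elevated PowerShell session:
# Get-WinREBitLockerReport | Format-List
```

The report does not show whether the WinRE image has already been updated; it only identifies devices where the preconditions the article names are present.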

The scripts enable organizations to determine the name of the OS Dynamic update package used to update the WinRE image. The OS Dynamic update package, which is available from the Windows Update Catalog, is OS version- and architecture-specific, so choosing the right one is important.

The package should be downloaded before the script is used. Once the script is run, if the BitLocker TPM protector is present, it will reconfigure the WinRE for BitLocker service.
BitLocker is a key tool used by Microsoft to keep data protected.
“BitLocker helps mitigate unauthorized data access by enhancing file and system protections,” the company adds. “BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.” ®