Microsoft just made it easier to patch this Bitlocker bypass flaw on Windows

(Picture credit rating: HJBC / Shutterstock)

Microsoft has actually posted a Powershell text to assist IT groups correct a BitLocker avoid surveillance problem discovered in the Microsoft window Rehabilitation Setting (WinRE), streamlining the procedure of safeguarding WinRE graphics. 

Every BleepingComputer (opens up in brand new button), the problem, tracked as CVE-2022-41099, permits danger stars to bypass the BitLocker Unit File encryption attribute, as well as get to encrypted records (opens up in brand new button) in low-complexity strikes. 

The caution is actually that the aggressors need to have to possess bodily accessibility to the aim at endpoints. In addition, if the customer permitted BitLocker TPM as well as possesses PIN security, the susceptibility cannot be exploited. That’s why the flaw has a severity score of 4.6 – medium.

Two available versions

 “The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices,” Microsoft said

“Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available—which script you should use depends on the version of Windows you are running.”

One script is for systems running on Windows 10 2004 and later (Windows 11 included), while the other is for Windows 10 1909 and earlier (it will still run on all Windows 10 and Windows 11 systems, the company added).

The vulnerability was first discovered in November 2022. Back then, Microsoft added a fix to the November Patch Tuesday cumulative update, listing it as an “important” update, but not “critical”.

When running the script in Powershell, admins may choose a path as well as a name for the Safe OS Dynamic update package. 

The packages are actually unique to the model of the OS being patched, as well as to the chip architecture. Therefore, IT teams need to download the right one from the Microsoft Update Catalog in advance.

  • These are actually the best malware removal tools (opens in new tab) at the moment

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is actually a seasoned freelance journalist based in Sarajevo, Bosnia as well as Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) as well as cybersecurity (ransomware, data breaches, laws as well as policies). In his job, stretching over greater than a years, he’s composed for several media channels, featuring Al Jazeera Balkans. He’s likewise stored a number of elements on web content composing for Represent Communications.