Microsoft has published a Powershell script to help IT teams fix BitLocker bypass security flaws found in the Windows Recovery Environment (WinRE), simplifying the process of securing WinRE images.
per Bleeping computer (opens in new tab) This flaw, tracked as CVE-2022-41099, allows attackers to bypass BitLocker Device Encryption functionality and gain access to encrypted data. (opens in new tab) with low complexity attacks.
The caveat is that the attacker must have physical access to the target endpoint. Additionally, if the user has her BitLocker TPM enabled and uses PIN protection, the vulnerability cannot be exploited. Therefore, the severity score for this flaw is 4.6 – Medium.
Two versions available
“A sample PowerShell script was developed by the Microsoft product team to automate WinRE image updates on Windows 10 and Windows 11 devices,” Microsoft said.
“In PowerShell on the affected device, run the script with administrator credentials. There are two scripts you can use. Which script you use depends on which version of Windows you are running. increase.”
One script is for systems running Windows 10 2004 and later (including Windows 11), and one is for Windows 10 1909 and earlier (which will continue to run on all Windows 10 and Windows 11 systems, the company says). added).
This vulnerability was first discovered in November 2022. At the time, Microsoft added the fix to his November Patch Tuesday Cumulative Update, listing it as an “Important” update instead of “Important.”
When running scripts in Powershell, administrators can choose the path and name of the Safe OS dynamic update package.
Packages are specific to the OS version and chip architecture to be patched. Therefore, IT teams should download the appropriate ones from the Microsoft Update Catalog in advance.