In the world of cybersecurity, a “patch” is often viewed as the final word in a vulnerability’s lifecycle. However, a new discovery by researchers at Intrinsec (originally documented by the Microsoft STORM team) has revealed that for millions of Windows 11 users, the “fix” for a critical BitLocker flaw is fundamentally incomplete.
Dubbed the “BitUnlocker Downgrade Attack,” this newly released proof-of-concept (PoC) demonstrates how an attacker can bypass BitLocker disk encryption on fully patched machines in under five minutes.
The root of the problem isn’t that the patch didn’t work—it’s that the old, vulnerable versions are still being trusted by your hardware.
In July 2025, Microsoft released a fix for a System Deployment Image (SDI) vulnerability (CVE-2025-48804) that allowed attackers to infect the Windows Recovery Environment (WinRE) to access decrypted volumes. While updated machines received a patched boot manager, a critical loophole remains: Secure Boot only verifies the signing certificate of a binary, not its version.
As the researchers explain, “A vulnerable ‘bootmgfw.efi’ from before July 2025, signed with the PCA 2011 certificate, is perfectly valid from the point of view of Secure Boot, just as much as the patched version.”
Because Microsoft has not revoked the old PCA 2011 certificate—a move that would present a “real operational challenge” for global infrastructure—thousands of machines remain open to a downgrade attack.
The BitUnlocker attack is remarkably efficient and does not require complex or expensive equipment. An attacker with physical access can execute the following chain:
- Downgrade: The attacker replaces the system’s patched boot manager with a vulnerable version from before July 2025.
- Manipulation: The attacker introduces a modified SDI file containing an infected WinRE image.
- The Switch: During boot, the legacy boot manager checks the integrity of a legitimate image while simultaneously booting from the attacker’s infected version.
- Decryption: Because the signature is valid, the Trusted Platform Module (TPM) releases the BitLocker keys normally.
- Access: A terminal window opens with the entire OS volume fully decrypted and mounted.
The researchers have made this PoC available on GitHub, offering two primary delivery methods: a simple USB boot (the recommended approach) or a more complex PXE network boot.
For system administrators and security-conscious users, relying on default BitLocker settings is no longer sufficient against a determined adversary. The Intrinsec report highlights two critical mitigation paths:
- Enable TPM + PIN: This is the most immediate defense. Adding a pre-boot PIN prevents the TPM from unsealing the encryption keys without direct user interaction, effectively neutralizing the automated boot-path manipulation.
- Migrate to Windows UEFI CA 2023: Organizations should begin the transition to the newer CA 2023 certificate. Once the boot manager is exclusively signed with the new certificate and the old PCA 2011 is revoked via the KB5025885 migration procedure, these downgrade attacks become technically impossible.
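The following audit script is an added example and is not part of the article, the Intrinsec report or the PoC. It shows how an administrator can check both mitigation paths on a Windows 11 machine from an elevated PowerShell session: which BitLocker volumes still rely on a bare TPM protector (no pre-boot PIN), and whether Secure Boot already trusts the Windows UEFI CA 2023 and has the PCA 2011 certificate in the revocation list (DBX), which is the end state of the KB5025885 migration. The CA lookups search the raw DB/DBX variable contents for the certificate names as ASCII substrings; that is a coarse heuristic chosen here for readability, not a full parse of the EFI signature lists.

```powershell
# Added audit script (assumption: elevated PowerShell on Windows 11 with the
# BitLocker module). Read-only except for the commented-out remediation step.
#Requires -RunAsAdministrator

# 1. Which BitLocker volumes unseal the key with no user interaction?
#    'Tpm' alone means the TPM releases the keys on a "valid" boot path,
#    which is exactly what the downgrade attack above relies on.
#    'TpmPin' / 'TpmPinStartupKey' require the pre-boot PIN the report recommends.
function Get-BitLockerPinAudit {
    $pinTypes = @('TpmPin', 'TpmPinStartupKey')
    foreach ($vol in Get-BitLockerVolume) {
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasPin = @($types | Where-Object { $pinTypes -contains $_ }).Count -gt 0
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            NeedsPin         = ($types -contains 'Tpm') -and -not $hasPin
        }
    }
}

# 2. Secure Boot trust state: is CA 2023 in DB, and is PCA 2011 in DBX?
#    A machine where PCA2011StillTrusted is True will accept a pre-July-2025
#    bootmgfw.efi signed with that certificate.
function Get-SecureBootCaAudit {
    try {
        if (-not (Confirm-SecureBootUEFI)) {
            Write-Warning 'Secure Boot is disabled; certificate checks are moot until it is enabled.'
            return
        }
    } catch {
        Write-Warning "Secure Boot state could not be read (legacy BIOS?): $_"
        return
    }
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    [pscustomobject]@{
        CA2023InDB          = [bool]($db  -match 'Windows UEFI CA 2023')
        PCA2011StillTrusted = [bool]($db  -match 'Microsoft Windows Production PCA 2011')
        PCA2011Revoked      = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')
    }
}

Get-BitLockerPinAudit   | Format-Table -AutoSize
Get-SecureBootCaAudit   | Format-List

# 3. Remediation for a volume flagged NeedsPin (uncomment to apply, then
#    re-run Get-BitLockerPinAudit to confirm the protector type changed):
# $pin = Read-Host -AsSecureString 'Pre-boot PIN'
# Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin $pin
```

A volume that reports `NeedsPin = True` together with `PCA2011StillTrusted = True` and `PCA2011Revoked = False` is in the configuration the article describes: the TPM will hand over the keys to any Secure Boot-valid boot manager, and the old certificate is still valid. Adding the TPM+PIN protector closes the unattended path immediately; the DB/DBX fields track progress through the longer certificate migration.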