Microsoft releases script to fix WinRE BitLocker bypass bug (CVE-2022-41099)
Microsoft this week unveiled dedicated PowerShell scripts for enterprise IT administrators, intended to remediate CVE-2022-41099 vulnerability.
First disclosed on November 8, 2022, the flaw allows attackers with physical access to a PC to bypass BitLocker disk encryption.
This security concern for enterprises enables attackers to circumvent encryption policies and access files on storage devices. Fortunately, this functionality cannot be exploited remotely.
Microsoft previously issued security updates to address this vulnerability, and the currently released scripts are intended for devices that still cannot install security updates.
Image: BleepingComputer
KB5025175 update
This security update refers to the PowerShell scripts released by Microsoft, providing two scripts for enterprise IT administrators to utilize as needed.
The recommended script is PatchWinREScript_2004plus.ps1, which supports Windows 10 Version 2004 and later versions.
While this script is more robust, its support for system versions is limited. During its use, the system will automatically install the latest Dynamic System Update and update the WinRE image.
The PatchWinREScript_General.ps1 script supports all versions of Windows 10/11, including older ones, but its security logic is not as robust as the previous script.
If enterprises still cannot install the update, enabling TPM+PIN protection is an alternative. In this case, hackers cannot decrypt data without the PIN.
Both scripts require an internet connection during execution. To avoid potential issues, it is advisable to back up data or create a recovery image using third-party software beforehand.
Other information provided by Microsoft
When the script is executed, the system will automatically load the current version of the WinRE image file. Please note that the loaded version is still the current system version, not a new version.
Subsequently, the script will update the WinRE image online through the Safe OS provided by the system update directory and then unload the image.
Next, the BitLocker TPM protection program will reconfigure the WinRE image for the BitLocker service, using the updated new image.
For information on the KB5025175 update and script download links, click here. To learn more about the CVE-2022-41099 vulnerability, click here.
