Microsoft shares script to fix WinRE BitLocker bypass flaw


Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE).

This PowerShell script (KB5025175) simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw that enables attackers to bypass the BitLocker Device Encryption feature system storage devices.

Successful exploitation of this enables threat actors with physical access to access encrypted data in low-complexity attacks.

Read more…