
Microsoft shares script to fix WinRE BitLocker bypass flaw
2023-03-17 06:03

Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment.

This PowerShell script simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw, which enables attackers to bypass the BitLocker Device Encryption feature on system storage devices.

"The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices," Microsoft says in a support document published on Thursday.

"Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available; which script you should use depends on the version of Windows you are running."

Update the WinRE image with the specified Safe OS Dynamic Update package available from the Windows Update Catalog.

Unmount the WinRE image.

If the BitLocker TPM protector is present, it reconfigures WinRE for BitLocker service.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-shares-script-to-fix-winre-bitlocker-bypass-flaw/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-11-09 | CVE-2022-41099 | Unspecified vulnerability in Microsoft Windows 10 and Windows 11: BitLocker Security Feature Bypass Vulnerability (low complexity, microsoft) | 4.6

Related vendor

VENDOR | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Microsoft | 480 | 75 | 2308 | 5127 | 264 | 7774