Security News > 2023 > March > Microsoft shares script to fix WinRE BitLocker bypass flaw
Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment.
This PowerShell script simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw, which enables attackers to bypass the BitLocker Device Encryption feature on system storage devices.
"The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices," Microsoft says in a support document published on Thursday.
"Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available - which script you should use depends on the version of Windows you are running."
Update the WinRE image with the specified Safe OS Dynamic Update package available from the Windows Update Catalog. Unmount the WinRE image.
If the BitLocker TPM protector is present, it reconfigures WinRE for BitLocker service.
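The steps above, sketched as an added PowerShell example; this is not Microsoft's script and not code from the original article. The package path is a placeholder you supply, the mount directory `C:\mnt` and the helper `Invoke-Native` are assumptions of this example, and re-registering WinRE by disabling and re-enabling it is how this sketch performs the BitLocker reconfiguration step.

```powershell
#Requires -RunAsAdministrator
param(
    # Placeholder: local path to the Safe OS Dynamic Update package for this Windows version.
    [Parameter(Mandatory)][string]$PackagePath,
    # Assumed empty scratch directory used to mount the WinRE image.
    [string]$MountDir = 'C:\mnt'
)

# Hypothetical helper: run a native tool and stop on a non-zero exit code.
function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not (Test-Path -LiteralPath $PackagePath)) { throw "Package not found: $PackagePath" }
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# Mount the WinRE image so it can be serviced offline.
Invoke-Native reagentc.exe @('/mountre', '/path', $MountDir)
try {
    # Update the mounted WinRE image with the Safe OS Dynamic Update package.
    Invoke-Native dism.exe @("/Image:$MountDir", '/Add-Package', "/PackagePath:$PackagePath")
}
catch {
    # Servicing failed: unmount without saving so the existing image stays untouched.
    & reagentc.exe /unmountre /path $MountDir /discard
    throw
}

# Unmount the WinRE image and save the change.
Invoke-Native reagentc.exe @('/unmountre', '/path', $MountDir, '/commit')

# If the OS volume has a TPM protector, re-register WinRE so BitLocker
# works with the updated recovery image.
$tpm = (Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'Tpm'
if ($tpm) {
    Invoke-Native reagentc.exe @('/disable')
    Invoke-Native reagentc.exe @('/enable')
}

# Show the resulting WinRE status for the operator to review.
& reagentc.exe /info
```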
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-09 | CVE-2022-41099 | Unspecified vulnerability in Microsoft Windows 10 and Windows 11: BitLocker Security Feature Bypass Vulnerability (low complexity, microsoft) | 4.6 |