Microsoft has published a PowerShell script to help IT teams resolve a BitLocker bypass security flaw in the Windows Recovery Environment (WinRE), simplifying the process of securing WinRE images.
As reported by BleepingComputer, the flaw, tracked as CVE-2022-41099, allows threat actors to bypass the BitLocker Device Encryption feature and access encrypted data in low-complexity attacks.
The caveat is that the attackers must have physical access to the targeted endpoints. In addition, if the user has BitLocker TPM enabled with PIN protection, the vulnerability cannot be exploited. Therefore, the vulnerability has a severity score of 4.6 (medium).
Two versions available
The sample PowerShell script was developed by the Microsoft product team to help automate updating WinRE images on Windows 10 and Windows 11 devices.
“Run the script with administrative credentials in PowerShell on the affected devices. Two scripts are available – which script to use depends on the version of Windows you are running.”
One script is for systems running Windows 10 2004 and later (including Windows 11), while the other is for Windows 10 1909 and earlier (it will still run on all Windows 10 and Windows 11 systems, the company added).
The vulnerability was first discovered in November 2022. At the time, Microsoft added a fix to the November Patch Tuesday cumulative update, listing it as an “important” update, but not “critical”.
When running the script in PowerShell, administrators can choose a path and name for the Safe OS Dynamic Update package.
The packages are unique to the OS version being patched, as well as the chip architecture. Therefore, IT teams should download the correct one from the Microsoft Update Catalog in advance.
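The procedure the article describes, as an added PowerShell illustration that is not Microsoft's published script: it confirms WinRE is enabled, checks that the chosen Safe OS Dynamic Update package name matches the device's architecture, then mounts the WinRE image, applies the package and commits. The package path, the mount directory, English-language reagentc output and the architecture tag in the Update Catalog file name are assumptions.

```powershell
# Added illustration, not Microsoft's script. Assumes the Safe OS Dynamic Update .cab
# was already downloaded from the Microsoft Update Catalog for this OS version and
# architecture; $PackagePath and $MountDir are administrator-chosen placeholders.
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)][string]$PackagePath,   # e.g. C:\Packages\<SafeOS-DU>.cab (placeholder)
    [string]$MountDir = 'C:\WinREMount'           # scratch directory for the mounted image
)

# 1. WinRE must be enabled; reagentc /info reports its status (English output assumed).
$info = (reagentc /info) -join "`n"
if ($LASTEXITCODE -ne 0 -or $info -notmatch 'Windows RE status:\s+Enabled') {
    throw "WinRE is not enabled on this device; run 'reagentc /enable' first."
}

# 2. The package is architecture-specific. Update Catalog file names carry an
#    architecture tag (assumed here: x64 or arm64); refuse a mismatched package.
$arch = $env:PROCESSOR_ARCHITECTURE.ToLower()     # AMD64 -> amd64, ARM64 -> arm64
$expectedTag = if ($arch -eq 'amd64') { 'x64' } else { $arch }
if (-not (Test-Path $PackagePath)) { throw "Package not found: $PackagePath" }
if ((Split-Path $PackagePath -Leaf) -notmatch $expectedTag) {
    throw "Package name lacks '$expectedTag'; download the package for this architecture."
}

# 3. Mount the active WinRE image, apply the package, then commit (or discard on failure).
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
reagentc /mountre /path $MountDir
if ($LASTEXITCODE -ne 0) { throw "Failed to mount WinRE at $MountDir" }
try {
    Add-WindowsPackage -Path $MountDir -PackagePath $PackagePath -ErrorAction Stop | Out-Null
} catch {
    reagentc /unmountre /path $MountDir /discard   # leave the original image untouched
    throw "Applying $PackagePath failed; WinRE image discarded unchanged. $_"
}
reagentc /unmountre /path $MountDir /commit
if ($LASTEXITCODE -ne 0) { throw "Commit of the updated WinRE image failed" }

# 4. Show the final WinRE status so the administrator can confirm it is still enabled.
reagentc /info
```

Run once per device with administrative credentials after downloading the package that matches the OS version and architecture.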