It has been known since November 2022 that there is a BitLocker bypass vulnerability, CVE-2022-41099, in the Windows Recovery Environment (WinRE). Patching it, however, is anything but easy (see the blog post Windows 10: Be aware of WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099). Now Microsoft has released a script to install the WinRE BitLocker bypass fix on deployed systems.
Win RE Bitlocker bypass vulnerability fix
In November 2022, Microsoft attempted to fix a vulnerability (CVE-2022-41099) in its WinRE environment, which could be used to bypass BitLocker, via an update. Microsoft describes the impact as follows:
- In all affected Windows 10 systems, a successful attacker can bypass the BitLocker Device Encryption feature on the system storage device.
- However, the attacker needs physical access to the target device to exploit the vulnerability to gain access to encrypted data.
- In addition, the vulnerability cannot be exploited if the user has BitLocker TPM+PIN protection enabled, according to Microsoft.
There is a patch to close the vulnerability, but installing it involves manual intervention, and there were many problems. I first reported on this in the blog post Windows 10: Be aware of WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099. Later, Microsoft added a fix to its FAQ for BitLocker Security Feature Bypass Vulnerability CVE-2022-41099, which I picked up in the blog post Windows 10: Update on WinRE patch (fix for Bitlocker bypass vulnerability CVE-2022-41099).
Microsoft revises the fix again
After the posts above, I therefore assumed that the issue was largely off the table. This morning, however, I saw from the colleagues at Bleeping Computer that Microsoft has revised the fix again and is now providing a script to close the vulnerability with an available update. Blog readers have also alerted me to these updates via email and in comments (thanks for that).
On March 16, 2023, Microsoft published the support article KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099. This article is aimed at Windows 10 and Windows 11 administrators who have not yet closed the BitLocker bypass vulnerability CVE-2022-41099 in the Windows Recovery Environment (WinRE).
Microsoft has developed a sample PowerShell script that administrators can use to automate updating the Windows Recovery Environment (WinRE) on deployed devices, and remediate the CVE-2022-41099 vulnerability. The script must be run in an administrative command prompt or PowerShell console on Windows 10/11.
Microsoft's support site offers a version of the PowerShell script for Windows 10 version 1909 and earlier, which is nevertheless supposed to work on all versions of Windows 10 and Windows 11. In addition, Microsoft has released a second (supposedly more robust) PowerShell script that supports Windows 10 version 2004 and later and Windows 11 version 21H2 and later.
The scripts are published as source code in the support article and must be copied into a .ps1 file. Administrators then also need the dynamic update that matches their Windows version and contains the updated WinRE environment, downloaded from the Microsoft Update Catalog. The patching procedure is described in the support article KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099.
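Before and after running Microsoft's script, an administrator will want to know which WinRE image a device actually uses, what build it is, and whether the OS drive already has the TPM+PIN protector that Microsoft says blocks the bypass. The following check is an added example written for this post, not Microsoft's KB5025175 script; it assumes an elevated PowerShell on Windows 10/11 with the built-in DISM and BitLocker modules, and that Get-WindowsImage can open winre.wim at the \\?\GLOBALROOT path reported by reagentc (an assumption, since that path form is not guaranteed on every configuration).

```powershell
#Requires -RunAsAdministrator
# Added verification check (not Microsoft's script): report WinRE status, the registered
# winre.wim and its version/build, and the BitLocker protectors on the OS drive.

function Get-WinReStatus {
    # reagentc /info prints "Windows RE status:" and "Windows RE location:" lines
    $info = reagentc /info 2>&1
    if ($LASTEXITCODE -ne 0) { throw "reagentc /info failed: $info" }

    $statusMatch   = $info | Select-String 'Windows RE status:\s*(\S+)'
    $locationMatch = $info | Select-String 'Windows RE location:\s*(.+)$'
    $status   = if ($statusMatch)   { $statusMatch.Matches[0].Groups[1].Value }   else { 'Unknown' }
    $location = if ($locationMatch) { $locationMatch.Matches[0].Groups[1].Value.Trim() } else { '' }

    $result = [ordered]@{ Status = $status; Location = $location; Version = $null; SPBuild = $null }
    if ($status -eq 'Enabled' -and $location) {
        # Assumption: winre.wim lives directly under the reported location (string concat,
        # because Join-Path may reject the \\?\GLOBALROOT prefix).
        $wim = "$location\winre.wim"
        # Get-WindowsImage reads the WIM header; Version + SPBuild identify the WinRE build,
        # which can be compared with the SafeOS dynamic update taken from the Update Catalog.
        $img = Get-WindowsImage -ImagePath $wim -Index 1
        $result.Version = $img.Version
        $result.SPBuild = $img.SPBuild
    }
    [pscustomobject]$result
}

function Get-OsDriveProtectors {
    # KeyProtectorType values include Tpm, TpmPin, TpmPinStartupKey, RecoveryPassword, ...
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = $types
        # Any PIN-based TPM protector counts as the TPM+PIN configuration Microsoft refers to
        TpmPinUsed       = [bool]($types | Where-Object { $_ -like 'TpmPin*' })
    }
}

$re = Get-WinReStatus
$bl = Get-OsDriveProtectors
[pscustomobject]@{
    WinRE        = $re.Status
    WinREImage   = $re.Location
    WinREBuild   = if ($re.Version) { "$($re.Version).$($re.SPBuild)" } else { 'n/a' }
    BitLocker    = $bl.ProtectionStatus
    Protectors   = ($bl.Protectors -join ', ')
    TpmPinUsed   = $bl.TpmPinUsed
} | Format-List
```

The reported WinREBuild is what should change after the dynamic update has been applied to winre.wim; if it does not, the script run did not update the image that reagentc actually registers.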
Similar articles:
Windows 10: Be aware of WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099
Windows 10: Update on WinRE patch (fix for Bitlocker bypass vulnerability CVE-2022-41099)