Microsoft has released a Powershell script to help IT teams fix a BitLocker bypass security flaw found in Windows Recovery Environment (WinRE), simplifying the process of securing WinRE images.
By BleepingComputer (opens in a new tab)the flaw, identified as CVE-2022-41099, allows hackers to bypass the BitLocker Device Encryption feature and gain access to encrypted data (opens in a new tab) in low complexity attacks.
The caveat is that attackers must have physical access to target endpoints. Additionally, if the user has BitLocker TPM enabled and has PIN protection, the vulnerability cannot be exploited. This is why the flaw has a severity score of 4.6 – medium.
Two versions available
“The sample PowerShell script was developed by the Microsoft product team to help automate updating WinRE images on Windows 10 and Windows 11 devices,” Microsoft said.
“Run the script with administrator credentials in PowerShell on the affected devices. Two scripts are available. The script to use depends on the version of Windows you are running.”
One script is for systems running Windows 10 2004 and later (Windows 11 included), while the other is for Windows 10 1909 and earlier (it will still work on all Windows 10 and Windows 11 systems, added the society).
The vulnerability was first discovered in November 2022. At the time, Microsoft added a fix to the November Patch Tuesday cumulative update, listing it as an “important” but not “critical” update. .
When running the script in Powershell, administrators can choose a path and name for the Safe OS dynamic update package.
The packages are unique to the patched OS version, as well as the chip architecture. Therefore, IT teams should download the correct one from the Microsoft Update Catalog in advance.