Microsoft Shares Script To Fix WinRE BitLocker Bypass Flaw

Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE).

This PowerShell script simplifies the process of securing WinRE images against attempts to exploit the CVE-2022-41099 flaw that enables attackers to bypass the BitLocker Device Encryption feature system storage devices.

Successful exploitation of this enables threat actors with physical access to access encrypted data in low-complexity attacks.

According to Microsoft, the vulnerability cannot be exploited if the user has enabled BitLocker TPM+PIN protection.

“The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on Windows 10 and Windows 11 devices,” Microsoft says in a support document published on Thursday.

“Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available—which script you should use depends on the version of Windows you are running.”

The recommended script version is PatchWinREScript_2004plus.ps1 which helps apply the security updates on systems running Windows 10 2004 and later (including Windows 11).

The other PowerShell script (PatchWinREScript_General.ps1) is less robust and should be used on Windows 10 1909 and earlier versions (although it will run on all Windows 10 and Windows 11 systems).

PatchWinREScript test — *Using the PatchWinREScript to update a WinRE image (BleepingComputer)*

How to use the WinRE patch script

The CVE-2022-41099 patch scripts can be run from a Windows PowerShell and allow admins to specify the path and name of the Safe OS Dynamic update package that should be used to update the WinRE image.

These update packages are OS-version-specific and processor architecture-specific and have to be downloaded from the Microsoft Update Catalog beforehand.

The scrips also allow passing a workDir parameter to select the scratch space to be used during the patching process (if not specified, the script will use the default Windows temp folder).

Once started, the script will go through the following steps:

Mount the existing WinRE image (WINRE.WIM).
Update the WinRE image with the specified Safe OS Dynamic Update (Compatibility Update) package available from the Windows Update Catalog (the latest update available for the version of Windows installed on the device is recommended)
Unmount the WinRE image.
If the BitLocker TPM protector is present, it reconfigures WinRE for BitLocker service.

After running the script, you will not be required to reboot the system to complete the WinRE image patching process.

Source link

LiteSpeed Cache vs WP Rocket

Shared Web Hosting: Is It the Right Choice for Your Website?

Memorial Day Weekend Deals

Crucial Things to Know When Choosing Web Hosting Services

Switching to cPanel’s Jupiter Theme

Automatically Clear Elementor Cache and Regenerate CSS

Website Speedtest macOS Shortcuts

New method accelerates data retrieval in huge databases

LiteSpeed Cache Settings for Voxel

Are You Using Redis Cache on Your Website?

Automatically Clear Elementor Cache and Regenerate CSS

Unlock the Full Potential of Elementor with These 10 Advanced Tips

Master the Art of Web Design with Elementor Pro

What Is CSS Print Method in the Elementor Settings? Which Should I Choose?

Remove Unused Elementor Widgets

How to use the WinRE patch script

Memorial Day Weekend Deals

Securing Your Business Internet Network: Best Practices for Enhanced Cybersecurity

Opera Adds Free VPN to Opera for iOS, Becomes the First Major Browser to Bring Coverage to All Platforms

Tags

Microsoft shares script to fix WinRE BitLocker bypass flaw

How to use the WinRE patch script

Related Posts