Microsoft has fastened a vulnerability in Home windows Restoration Surroundings (WinRE) for Home windows 10 and 11 methods that might enable entry to encrypted information on storage units.

Redmond engineers created a pattern PowerShell script to permit enterprises to robotically replace WinRE photos to guard Home windows units from a BitLocker safety bypass vulnerability tracked as CVE-2022-41099.

There are two variations of the script (KB5025175), which have to be run with administrator credentials in PowerShell, the corporate writes. Essentially the most sturdy model, PatchWinRESScript_2004plus.ps1, is for units operating Home windows 10 2004 and later, together with Home windows 11. The opposite, PatchWinRESScript_General.ps1, is focused at these operating Home windows 10 v1909 and earlier.

Microsoft revealed an advisory in regards to the vulnerability in November 2022 and up to date the advisory in February.

It’s not simple for attackers to take advantage of the flaw, in response to Microsoft. If the machine is protected by BitLocker TPM+PIN, criminals might want to know the TPM PIN to get into the system. The TPM+PIN multi-factor authentication (MFA) mode makes use of the machine’s Trusted Platform Module (TPM) safety {hardware} and a PIN to authenticate customers. On this mode, customers should enter the PIN within the Home windows Preboot Surroundings every time the pc begins.

“The TPM is a {hardware} part put in on many more moderen computer systems by laptop producers,” Microsoft writes in a document in February. “It really works with BitLocker to assist defend consumer information and guarantee a pc hasn’t been tampered with whereas the system was offline.”

Nonetheless, if an attacker breaks into the system, they’ll trigger some injury.

“A profitable attacker may bypass the BitLocker Gadget Encryption characteristic on the system storage machine,” the corporate writes. “An attacker with bodily entry to the goal may exploit this vulnerability to realize entry to encrypted information.”

The flaw can solely be exploited on methods with winre.wim on the restoration partition.

The scripts enable organizations to find out the identify of the working system dynamic replace package deal used to replace the WinRE picture. The OS Dynamic replace package deal, which is offered from the Windows Update Catalogit’s particular to the model and structure of the working system, so it is very important select the correct one.

The package deal have to be downloaded earlier than utilizing the script. As soon as the script runs, if the BitLocker TPM protector is current, it’s going to reconfigure the WinRE service for BitLocker.

BitLocker is a key instrument utilized by Microsoft to maintain information protected.

“BitLocker helps mitigate unauthorized entry to information by bettering file and system safety,” the corporate provides. “BitLocker additionally helps make information inaccessible when BitLocker-protected computer systems are deregistered or recycled.” ®