BitLocker Security Feature Bypass Vulnerability
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 9 July 2024
Badges
Summary
The CVE-2024-38058 vulnerability in Microsoft's BitLocker feature allows attackers to bypass encryption and access encrypted data with physical access to the device. Due to firmware incompatibility issues, a fix for this vulnerability has been disabled, causing Windows devices to go into BitLocker recovery mode. Microsoft advises users to apply mitigation measures detailed in the KB5025885 advisory, but warns that it requires a 4-stage procedure and restarting the device eight times. After applying the mitigation on devices with Secure Boot, it will no longer be able to be removed, even after reformatting the disk. Additionally, the company did not provide information on the actual root cause or how it addressed the firmware incompatibility issues.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.6054
Windows Server 2019 < 10.0.17763.6054
Windows Server 2019 (Server Core installation) < 10.0.17763.6054
News Articles
www.hfrance.fr CVE-2024-38058MicrosoftはBitLockerセキュリティパッチを無効にし、手動で軽減するようアドバイス
Microsoft は、パッチを適用した Windows デバイスが BitLocker 回復モード…
4 weeks ago
Krusell France CVE-2024-38058Archives des Astuces & Tutos - Krusell France
Skip to content 19 août 2024 Krusell FranceTa dose d'actu digital ! 🔥 Actu📱Smartphone💻 Informatique🕹️ Gaming🤖 IA🛠️ Astuces & Tutos Rechercher : HomeAstuces...
4 weeks ago
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.
1 month ago
CVSS V3.1
Timeline
Vulnerability started trending.
First article discovered by BleepingComputer
Vulnerability published.