    Multiple Zero-Day Exploits Discovered That Bypass BitLocker, Exposing All Encrypted Data

    By Declan Murphy, August 9, 2025


    Microsoft security researchers have uncovered four important vulnerabilities in Windows BitLocker that could allow attackers with physical access to bypass the encryption system and extract sensitive data.

    The findings, published in research dubbed “BitUnlocker,” demonstrate sophisticated attack techniques targeting the Windows Recovery Environment (WinRE) to bypass Microsoft’s flagship data protection technology.

    Security Flaws Target Windows Recovery Environment

    The vulnerabilities, discovered by Alon Leviev and Netanel Ben Simon from Microsoft’s Offensive Research & Security Engineering (MORSE) team, exploit weaknesses in how WinRE processes external files and configurations.

    The researchers identified four distinct attack vectors that allow unauthorized access to BitLocker-protected systems:

    • CVE-2025-48800 allows attackers to bypass WIM (Windows Imaging Format) validation by manipulating the Boot.sdi file’s offset pointer, causing the system to boot an untrusted recovery environment while validating a trusted one.
    • CVE-2025-48003 exploits ReAgent.xml parsing to schedule malicious operations, including launching tttracer.exe to execute command prompts with full system access.
    • CVE-2025-48804 leverages WinRE app trust validation by using the pre-registered SetupPlatform.exe to gain persistent command-line access through keyboard shortcuts.
    • CVE-2025-48818 targets BCD (Boot Configuration Data) parsing to redirect WinRE’s target OS location, enabling Push Button Reset exploitation to decrypt BitLocker volumes.

    The research shows that WinRE, designed as a recovery platform for important system issues, inadvertently creates an attack surface when parsing configuration files from unprotected volumes.

    Attackers can manipulate these external files to gain elevated privileges and access encrypted data without triggering BitLocker’s standard security mechanisms.

    Microsoft Responds with July 2025 Security Patches

    Microsoft addressed all four vulnerabilities as part of its July 2025 Patch Tuesday release, issuing comprehensive security updates across affected Windows versions.

    The patches target Windows 10 (versions 1607, 21H2, 22H2), Windows 11 (versions 22H2, 23H2, 24H2), and Windows Server editions (2016, 2022, 2025).

    Security updates KB5062552, KB5062553, KB5062554, and KB5062560 specifically address the BitLocker vulnerabilities, with organizations urged to prioritize immediate deployment.

    The vulnerabilities carry CVSS scores ranging from 6.8 to 8.1, with Microsoft assessing exploitation as “more likely” for several of the flaws.

    The research team’s findings have been scheduled for presentation at Black Hat USA 2025 in Las Vegas, highlighting the significance of the discoveries within the cybersecurity community.

    The presentation, titled “BitUnlocker: Leveraging Windows Recovery to Extract BitLocker Secrets,” demonstrates the researchers’ comprehensive analysis of WinRE’s security architecture and attack methodologies.

    Enhanced Security Strategies and Industry Impact

    Beyond applying the security patches, Microsoft recommends implementing additional BitLocker countermeasures to strengthen protection against physical attacks.

    Organizations should enable TPM+PIN for pre-boot authentication, which adds an additional authentication layer before the system boots, significantly reducing the risk of physical bypass attempts.

    Microsoft also advises enabling the REVISE mitigation for anti-rollback protection, which prevents attackers from downgrading to vulnerable system states.

    These enhanced protections work together with the security patches to provide comprehensive defense against the identified attack vectors.
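
An added example, not from the article or from Microsoft: a PowerShell audit of one endpoint for the two checks the article asks for, one of the listed July 2025 KBs and a TPM+PIN protector on the OS volume, plus the WinRE status. The function names are hypothetical; `Get-BitLockerVolume`, `Get-HotFix` and `reagentc /info` are standard Windows tooling.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's code). Function names are hypothetical.
# KB IDs are the ones the article lists; each targets a different Windows
# release, so at most one is expected on any single machine.
$ArticleKbs = 'KB5062552', 'KB5062553', 'KB5062554', 'KB5062560'

function Get-OsVolumeProtectors {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    [pscustomobject]@{
        ProtectionStatus = "$($vol.ProtectionStatus)"
        ProtectorTypes   = $types
        # TpmPin and TpmPinStartupKey both demand a PIN before the OS loads.
        HasPreBootPin    = @($types -like 'TpmPin*').Count -gt 0
        # A plain 'Tpm' protector releases the key with no user input.
        HasTpmOnly       = $types -contains 'Tpm'
    }
}

function Get-ArticleHotfix {
    # Later cumulative updates supersede these KBs, so an empty result means
    # "compare the OS build with the release notes", not "unpatched".
    @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $ArticleKbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)
}

function Get-WinReStatus {
    # reagentc prints localized text; this pattern assumes an English system.
    $line = reagentc.exe /info | Select-String -Pattern 'Windows RE status'
    if ($line) { ($line.Line -split ':', 2)[1].Trim() } else { 'Unknown' }
}

$protectors = Get-OsVolumeProtectors
$hotfixes   = Get-ArticleHotfix
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    OsBuild         = [Environment]::OSVersion.Version.ToString()
    BitLockerStatus = $protectors.ProtectionStatus
    ProtectorTypes  = $protectors.ProtectorTypes -join ', '
    HasPreBootPin   = $protectors.HasPreBootPin
    HasTpmOnly      = $protectors.HasTpmOnly
    ArticleKbsFound = $hotfixes -join ', '
    WinReStatus     = Get-WinReStatus
    NeedsAttention  = (-not $protectors.HasPreBootPin) -or ($hotfixes.Count -eq 0)
}
```

The REVISE mitigation is not checked here because the article does not describe how it is configured.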

    The discoveries underscore the importance of defense-in-depth strategies for data protection, particularly in scenarios involving physical device access.

    While BitLocker remains a robust encryption solution, the research demonstrates that even sophisticated security systems require continuous evaluation and improvement to address emerging threat vectors.

    The BitUnlocker research represents a significant contribution to understanding encryption bypass techniques and reinforces the important role of internal security research teams in identifying and addressing vulnerabilities before they can be exploited maliciously.

    Organizations relying on BitLocker for data protection should prioritize applying the July 2025 security updates while implementing the recommended additional security measures to maintain strong protection against physical attacks.
