Although the Redmond company made the update available in November, some systems are still affected by the vulnerability. The update could not be automatically applied to the Integrated Recovery Environment (WinRE). Many administrators have not taken the necessary steps to do this. That’s why Microsoft now has one PowerShell script published. In addition to a script for Windows 10 Build 2004 to Windows 11, a file for older Windows systems is also available for download.
Infographic Security on the Internet: Germans are afraid of data misuse
Once the script has downloaded, the code should run with admin privileges. All necessary steps should then be carried out automatically.
Attackers were able to bypass Bitlocker
The vulnerability in the encryption software had allowed attackers to completely bypass BitLocker on the system’s drive. Anyone who had access to a device could exploit the vulnerability to read encrypted data. The vulnerability is known as CVE-2022-41099. Only systems that have a recovery partition on which the WinRE image (winre.wim) was stored are affected.
Since only system drives were affected and hackers need physical access to the target system to bypass BitLocker encryption, the vulnerability was only assigned a medium threat level.
See also: