Windows 10: BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

Bruno_123_123 · Apr 6, 2023

Hello,This is a about CVE-2022-41099 and KB5025175.Firstly, the KB5025175 page provides PatchWinREScript_2004plus.ps1 and PatchWinREScript_General.ps1 as "Sample" scripts, presumably expecting us to read and understand them before running them.- Could we have a "download" option, instead of having to copy/paste/save?- Also, is there any chance Microsoft could make them readable by formatting and indenting them properly?Secondly, the link in KB5025175 says "We recommend that you use the latest Safe OS Dynamic Update available for the version of Windows installed on the device." The Windows

:)

BenHWEX · Apr 6, 2023

Was Follina (CVE-2022-30190) not actually addressed in the June 2022 Security Patch?

Hello,

I have an issue with the flow of information when using the MSRC Portal, as the Follina CVE (CVE-2022-30190) is not showing as part of the CVE's addressed in the June 2022 patch, even though it does say that the June 2022 Security Patch fixes the Vulnerability.

Please follow my steps:

MSRC's Follina CVE page Security Update Guide - Microsoft Security Response Center

Navigate to the bottom and select the KB Article for Server 2019 (this applies to all other KB Articles, but this is my example)

https://support.microsoft.com/en-gb...763-3046-62fe56c1-a8c0-40e8-a901-677ab9538bf8

In this article, follow the link under Improvements -> "June 2022 Security Updates."

This brings you back to the MSRC page: Security Update Guide - Microsoft Security Response Center

These release notes DO NOT say that the CVE-2022-30190 was addressed in the June patching...?

Can someone please help here and confirm if the Follina CVE (CVE-2022-30190) patch was actually applied in the June Patch Tuesday release?

BenHWEX · Apr 6, 2023

Was Follina (CVE-2022-30190) not actually addressed in the June 2022 Security Patch?

I'll create a thread in the Server 2019 area, thank you.

I tried to help you find an article you didn't mention, the Windows listings in this article don't have Windows Sever 2019. but I think you can confirm that in Microsoft Docs.

Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center
Click to expand...

You have actually just pointed out another issue, as the Link you provided brings me to the CVE's Blog and the links inside THAT blog redirect me to an Internet Explorer Security Update, not a Follina update...?

/blog/2022/05/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/

https://support.microsoft.com/en-gb...-12-2022-e8e52940-aaf1-48fd-8f1d-a3cf83e4ac68

Brink · Apr 6, 2023

KB5012170: Security update for Secure Boot DBX: August 9, 2022

KB5012170: Security update for Secure Boot DBX: August 9, 2022

Applies to

This security update applies only to the following Windows versions:

Windows Server 2012

Windows 8.1 and Windows Server 2012 R2

Windows 10, version 1507

Windows 10, version 1607 and Windows Server 2016

Windows 10, version 1809 and Windows Server 2019

Windows 10, version 20H2

Windows 10, version 21H1

Windows 10, version 21H2

Windows Server 2022

Windows 11, version 21H2 (original release)

Azure Stack HCI, version 1809

Azure Stack Data Box, version 1809 (ASDB)

Summary

This security update makes improvements to Secure Boot DBX for the supported Windows versions listed in the "Applies to" section. Key changes include the following:

Windows devices that has Unified Extensible Firmware Interface (UEFI) based firmware can run with Secure Boot enabled. The Secure Boot Forbidden Signature Database (DBX) prevents UEFI modules from loading. This update adds modules to the DBX.

A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability might bypass secure boot and load untrusted software.

This security update addresses the vulnerability by adding the signatures of the known vulnerable UEFI modules to the DBX.

To learn more about this security vulnerability, see the following advisory:

ADV200011 | Microsoft Guidance for Addressing Security Feature Bypass in GRUB

For additional information about this security vulnerability, see the following resources:

CVE-2022-34301 | Eurosoft Boot Loader Bypass

CVE-2022-34302 | New Horizon Data Systems Inc Boot Loader Bypass

CVE-2022-34303 | Crypto Pro Boot Loader Bypass

Known issues

[table][tr][td]Issue[/td] [td]Next step[/td] [/tr] [tr][td]Some original equipment manufacturer (OEM) firmware might not allow for the installation of this update.[/td] [td]To resolve this issue, contact your firmware OEM.[/td] [/tr] [tr][td]If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the update failing to install. To view the PCR7 binding status, run the Microsoft System Information (Msinfo32.exe) tool with administrative permissions.[/td] [td]To workaround this issue, do one of the following before you deploy this update:

On a device that does not have Credential Gard enabled, run following command from an Administrator command prompt to suspend BitLocker for 1 restart cycle: Manage-bde –Protectors –Disable C: -RebootCount 1 Then, deploy the update and restart the device to resume the BitLocker protection.

On a device that has Credential Guard enabled, run the following command from an Administrator command prompt to suspend BitLocker for 2 restart cycles: Manage-bde –Protectors –Disable C: -RebootCount 3 Then, deploy the update and restart the device to resume the BitLocker protection.

[/td] [/tr] [tr][td]When attempting to install this update, it might fail to install, and you might receive Error 0x800f0922. Note This issue only affects this security update for Secure Boot DBX (KB5012170) and does not affect the latest cumulative security updates, monthly rollups, or security-only updates released on August 9, 2022.[/td] [td]This issue can be mitigated on some devices by updating the UEFI bios to the latest version before attempting to install this update. We are presently investigating and will provide an update in an upcoming release.[/td] [/tr] [tr][td]Some devices might enter BitLocker Recovery on the first or second restart after attempting to install this update on Windows 11.[/td] [td]If your device is prompting for a BitLocker Recovery key, you will need to supply it to start Windows. For more information, see Finding your BitLocker recovery key in Windows. If you have not installed this update and have BitLocker enabled on your device, follow the instructions below to temporarily suspend BitLocker before installing. If you have installed this update and have not yet restarted your device or have only restarted your device once, temporarily suspend BitLocker by using the instructions below. IMPORTANT: If you have restarted your device two times or more after installing this update, your device is not affected by this issue. To temporarily suspend BitLocker, or to avoid a BitLocker recovery when deploying this update, follow these steps:

Run the following command from an Administrator command prompt: Manage-bde -protectors -disable %systemdrive% -rebootcount 2

Install this update, if not already installed.

Restart the device.

Then, restart the device a second time.

BitLocker should automatically be enabled after two restarts. If you want to manually resume BitLocker to verify that it is enabled, use the following command: Manage-bde -protectors -Enable %systemdrive%

Status: We are working on a resolution and will provide an update in an upcoming release.[/td] [/tr] [/table]

How to get this update

[table][tr]Release Channel Available Next Step [/tr] [tr][td]Windows Update or Microsoft Update[/td] [td]Yes[/td] [td]None. This update will be downloaded and installed automatically from Windows Update.[/td] [/tr] [tr][td]Windows Update for Business[/td] [td]Yes[/td] [td]None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies.[/td] [/tr] [tr][td]Microsoft Update Catalog[/td] [td]Yes[/td] [td]To get the standalone package for this update, go to the Microsoft Update Catalog website.[/td] [/tr] [tr][td]Windows Server Update Services (WSUS)[/td] [td]Yes[/td] [td]This update will automatically synchronize with WSUS if you configure Products and Classifications as follows: Product: Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows 10, version 1903 and later, Windows 11, Azure Stack HCI, Azure Data Box Classification: Security Updates[/td] [/tr] [/table]

Prerequisites

Make sure you have the lastest servicing stack update (SSU) installed. For information about the latest SSU for your operating system, see ADV990001 | Latest Servicing Stack Updates.

Restart information
Your device does not have to restart when you apply this update. If you have Windows Defender Credential Guard (Virtual Secure Mode) enabled, your device might request a restart.

Update replacement information

This update replaces previously released update KB4535680.

File information

The English (United States) version of this security update installs files that have the attributes that are listed in the following tables.
Click to expand...

Read more: https://support.microsoft.com/en-us/...8-c42bd211bb15

Windows 10: BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175 - Similar Threads - BitLocker Security Feature

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

BitLocker Security Feature Bypass Vulnerability CVE-2022-41099 and KB5025175

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability

Vulnerability CVE-2021-36934

CVE-2020-0601 Windows CryptoAPI Spoofing Vulnerability Security Vulnerability Published:...

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability Mobile

CVE-2019-0627 - Windows Security Feature Bypass Vulnerability

CVE-2018-8512 - Microsoft Edge Security Feature Bypass Vulnerability