Windows 10: Microsoft releases PowerShell script to address Windows Bitlocker vulnerability

Microsoft has released a PowerShell script for Windows 10 and 11 devices to address a BitLocker security feature bypass vulnerability.

Microsoft confirmed the issue on November 8, 2022. It is tracked as CVE-2022-41099. Successful exploitation of the issue allows attackers to bypass BitLocker Device Encryption protections on the system storage device, according to Microsoft's description. Physical access to the device is required to exploit the vulnerability and access the encrypted data.

Microsoft released a security update for the issue, but system administrators had to install it to the Windows Recovery Environment manually up until now.

Tip: Microsoft released security updates for all supported versions of Windows this week.

PowerShell scripts address the BitLocker bypass




Microsoft's newly released PowerShell scripts aims to automate the updating process. All system administrators need to do is run the PowerShell script on Windows 10 or 11 devices to patch the Windows Recovery Environment and protect it against potential exploits of the security issue.

Two PowerShell scripts are available. Both serve the same purpose, but the target Windows versions are different. PatchWinREScript_2004plus.ps1 is the recommended script. It is compatible with Windows 10 version 2004 and later versions, which includes any Windows 11 version.

Microsoft notes that the script is more robust than the other, and that administrators may want to run it, provided that the device that needs fixing runs a supported version of Windows.

Older Windows 10 devices, those running Windows 10 version 1909 or earlier, need a different script. Microsoft notes that the second script should execute on more recent versions of Windows 10 and 11 as well.

Only the source codes of both scripts are displayed on the Microsoft support website. Users need to copy the entire script and paste it into a plain text file on the device. The file needs to be renamed from .txt to .ps1, to make it a PowerShell script.

The script performs the following steps to address the issue:

1. It mounts the existing WinRE image (WINRE.WIM).
2. The image is updated with the Safe OS Dynamic Update package from the Windows Update Catalog. This update needs to be downloaded manually for the operating system and specified using the packagePath parameter.
3. The WinRE image is unmounted.
4. It reconfigures the BitLocker TPM protector if present.

System administrators may run the script with two parameters:

workDir -- <Optional> Specifies the scratch space used to patch WinRE. If not specified, the script will use the default temp folder for the device.

packagePath -- <Required> Specifies the path and name of the OS-version-specific and processor architecture-specific Safe OS Dynamic update package to be used to update the WinRE image.
​

Closing Words

The BitLocker vulnerability requires local access to the Windows PC to exploit the issue. While that makes it less of a threat for many users, it may still be a good idea to run the PowerShell script to protect the device against attacks.

It is recommended to create a system backup before running the script. If things go wrong, it can be used to restore the previous state of the system.

Now You: do you use BitLocker? (via Neowin)

Thank you for being a Ghacks reader. The post Microsoft releases PowerShell script to address Windows Bitlocker vulnerability appeared first on gHacks Technology News.

read more...

 

WPA2 Vulnerability Found

A small update with regards to the Microsoft fix. The fix itself is sufficient to solve the issue on Windows, even if your WiFi device has no driver update, with one caveat:

Does this security update fully address these vulnerabilities on Microsoft Platforms, or do I need to perform any additional steps to be fully protected?
The provided security updates address the reported vulnerabilities; however, when affected Windows based systems enter a connected standby mode in low power situations, the vulnerable functionality may be offloaded to installed Wi-Fi hardware. To fully address potential vulnerabilities, you are also encouraged to contact your Wi-Fi hardware vendor to obtain updated device drivers. For a listing of affected vendors with links to their documentation, review the ICASI Multi-Vendor Vulnerability Disclosure statement here: ICASI integrates into FIRST PSIRT SIG bolstering the incident response and security team industry

Source: Security Update Guide - Microsoft Security Response Center

 

PowerShell 7.3.0 has been released

Source: Release v7.3.0 Release of PowerShell . PowerShell/PowerShell . GitHub

Microsoft Store: https://apps.microsoft.com/store/det...l/9MZ1SNWT0N5D

 

Skype Cross-zone Scripting Vulnerability Found

Skype Security Blog

Skype provides a full description on its Security Blog of the vulnerability and the steps that have been taken to address the problem so it doesn't affect users