Microsoft safety researchers have uncovered 4 crucial vulnerabilities in Home windows BitLocker that would permit attackers with bodily entry to bypass the encryption system and extract delicate information.
The findings, revealed in analysis dubbed “BitUnlocker,” exhibit subtle assault strategies concentrating on the Home windows Restoration Surroundings (WinRE) to bypass Microsoft’s flagship information safety know-how.
Safety Flaws Goal Home windows Restoration Surroundings
The vulnerabilities, found by Alon Leviev and Netanel Ben Simon from Microsoft’s Offensive Analysis & Safety Engineering (MORSE) crew, exploit weaknesses in how WinRE processes exterior information and configurations.
The researchers recognized 4 distinct assault vectors that permit unauthorized entry to BitLocker-protected techniques:
- CVE-2025-48800 allows attackers to bypass WIM (Home windows Imaging Format) validation by manipulating the Boot.sdi file’s offset pointer, inflicting the system in addition an untrusted restoration atmosphere whereas validating a trusted one.
- CVE-2025-48003 exploits ReAgent.xml parsing to schedule malicious operations, together with launching tttracer.exe to execute command prompts with full system entry.
- CVE-2025-48804 leverages WinRE app belief validation by using the pre-registered SetupPlatform.exe to realize persistent command-line entry by means of keyboard shortcuts.
- CVE-2025-48818 targets BCD (Boot Configuration Information) parsing to redirect WinRE’s goal OS location, enabling Push Button Reset exploitation to decrypt BitLocker volumes.
The analysis reveals that WinRE, designed as a restoration platform for crucial system points, inadvertently creates an assault floor when parsing configuration information from unprotected volumes.
Attackers can manipulate these exterior information to realize elevated privileges and entry encrypted information with out triggering BitLocker’s customary safety mechanisms.
Microsoft Responds with July 2025 Safety Patches
Microsoft addressed all 4 vulnerabilities as a part of its July 2025 Patch Tuesday launch, issuing complete safety updates throughout affected Home windows variations.
The patches goal Home windows 10 (variations 1607, 21H2, 22H2), Home windows 11 (variations 22H2, 23H2, 24H2), and Home windows Server editions (2016, 2022, 2025).
Safety updates KB5062552, KB5062553, KB5062554, and KB5062560 particularly handle the BitLocker vulnerabilities, with organizations urged to prioritize rapid deployment.
The vulnerabilities carry CVSS scores starting from 6.8 to eight.1, with Microsoft assessing exploitation as “extra possible” for a number of of the failings.
The analysis crew’s findings had been scheduled for presentation at Black Hat USA 2025 in Las Vegas, highlighting the importance of the discoveries throughout the cybersecurity group.
The presentation, titled “BitUnlocker: Leveraging Home windows Restoration to Extract BitLocker Secrets and techniques,” demonstrates the researchers’ complete evaluation of WinRE’s safety structure and assault methodologies.
Enhanced Safety Methods and Business Influence
Past making use of the safety patches, Microsoft recommends implementing further BitLocker countermeasures to strengthen safety in opposition to bodily assaults.
Organizations ought to allow TPM+PIN for pre-boot authentication, which provides an extra authentication layer earlier than the system boots, considerably decreasing the chance of bodily bypass makes an attempt.
Microsoft additionally advises enabling the REVISE mitigation for anti-rollback safety, which prevents attackers from downgrading to susceptible system states.
These enhanced protections work along side the safety patches to offer complete protection in opposition to the recognized assault vectors.
The discoveries underscore the significance of defense-in-depth methods for information safety, notably in situations involving bodily machine entry.
Whereas BitLocker stays a strong encryption resolution, the analysis demonstrates that even subtle safety techniques require steady analysis and enchancment to deal with rising menace vectors.
The BitUnlocker analysis represents a big contribution to understanding encryption bypass strategies and reinforces the crucial function of inner safety analysis groups in figuring out and addressing vulnerabilities earlier than they are often exploited maliciously.
Organizations counting on BitLocker for information safety ought to prioritize making use of the July 2025 safety updates whereas implementing the really helpful further safety measures to keep up sturdy safety in opposition to bodily assaults.
Discover this Information Fascinating! Comply with us on Google Information, LinkedIn, & X to Get Immediate Updates!
