Microsoft Releases Script to Fix WinRE BitLocker Bypass Error

Microsoft has released a script that makes it easier to fix the BitLocker bypass vulnerability in Windows Recovery Environment (WinRE).

This PowerShell script simplifies the process of protecting WinRE images from exploit attempts CVE-2022-41099 which allows attackers to bypass system storage devices of the BitLocker Device Encryption feature.

Successful exploitation of the bug allows attackers with physical access to the device to gain access to encrypted data in low complexity attacks. According to Microsoft, the vulnerability cannot be exploited if the user has enabled BitLocker TPM + PIN protection.

The user needs to run the script with administrator credentials in PowerShell on the affected devices. There are two scenarios available depending on the version of Windows you are using.

CVE-2022-41099 patch scripts can be run from Windows PowerShell and administrators can specify the path and name of the Safe OS Dynamic Update package to use to update the WinRE image. These service packs depend on the OS version and processor architecture and must be download from the Microsoft Update Catalog.

After running the script, follow these steps:

1. Mount an existing WinRE image (WINRE.WIM);
2. Update the WinRE image with the specified Safe OS Dynamic Update (Compatibility Update);
3. Unmount the WinRE image;
4. If BitLocker TPM protection is present, it reconfigures WinRE for the BitLocker service.

After running the script, the user will not need to reboot the system to complete the WinRE image repair process.