BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability

A critical vulnerability in Microsoft’s BitLocker full disk encryption allows it to be bypassed in under five minutes using a software-only attack dubbed “Bitpixie” (CVE-2023-21563). A public proof-of-concept (PoC) exploit has now been released, highlighting the severity of the risk to millions of Windows devices relying on BitLocker without pre-boot authentication.

Unlike traditional hardware-based attacks, which require physical tampering, soldering, or specialized equipment, the Bitpixie vulnerability enables attackers to extract BitLocker’s Volume Master Key (VMK) entirely through software. This non-invasive method leaves no permanent trace and does not require a complete disk image, making it particularly attractive for red teamers and adversaries targeting stolen or unattended laptops. The attack’s speed and non-invasive nature make it a significant risk, especially in scenarios involving lost or stolen laptops protected only by TPM-based BitLocker without additional authentication.

For systems that block third-party signed components (e.g., secured-core PCs), attackers can use only Microsoft-signed components. PXE boot into Windows Boot Manager again with a modified BCD. The public PoC released by researchers automates these attack chains, allowing for rapid compromise, often in less than five minutes.

“The Bitpixie vulnerability – and more generally both hardware and software-based attacks – can be mitigated by forcing pre-boot authentication,” researchers emphasize. The primary mitigation against Bitpixie and similar attacks is to enforce pre-boot authentication, which requires a PIN, USB key, or key file before the system boots. Organizations relying solely on TPM-based BitLocker protection are urged to review their security posture immediately and deploy pre-boot authentication to safeguard sensitive data.

The Bitpixie vulnerability exposes a high-risk attack path against BitLocker encryption, with a working proof-of-concept now available. This development underscores the need for robust authentication measures and highlights the dangers of relying on default configurations for disk encryption.
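To find machines still exposed to the TPM-only configuration described above, the following added example (not from the original article or the researchers) audits the key protectors on each operating-system volume. It assumes an elevated PowerShell session with the BitLocker module available; the wording of the findings is this example's own.

```powershell
# Added example: flag OS volumes that BitLocker unlocks with the TPM alone.
# Run elevated; Get-BitLockerVolume ships with the BitLocker PowerShell module.

# TPM protector types that require user input (PIN and/or startup key) before boot.
$preBootTypes = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
    ForEach-Object {
        # Collect the protector type names configured on this volume.
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        $finding = if ($_.ProtectionStatus -ne 'On') {
            'Protection off or suspended'
        }
        elseif ($types -contains 'Tpm') {
            # A plain Tpm protector lets the volume unlock with no user interaction.
            'TPM-only unlock path present: no pre-boot authentication'
        }
        elseif ($types | Where-Object { $preBootTypes -contains $_ }) {
            'Pre-boot authentication enforced'
        }
        else {
            'No TPM-based protector found: review manually'
        }

        [pscustomobject]@{
            MountPoint = $_.MountPoint
            Protectors = $types -join ', '
            Finding    = $finding
        }
    } |
    Format-Table -AutoSize -Wrap
```

A TPM+PIN protector can be added with `Add-BitLockerKeyProtector -TpmAndPinProtector`; rerun the audit afterwards to confirm the volume no longer reports a TPM-only path.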

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 15 May 2025 06:30:20 +0000

