A security vulnerability in Windows BitLocker allows an attacker with physical access to a device to bypass BitLocker Device Encryption through a time-of-check time-of-use (TOCTOU) race condition. A TOCTOU flaw arises when a security decision is made on state that is checked at one moment and acted on later, so an attacker who can change that state inside the window between the check and the use obtains an outcome the check was supposed to prevent. In this case the affected code path checks a volume's encryption status and subsequently grants access to the volume, and the gap between those two steps is what the attack exploits. Successful exploitation exposes the data on the encrypted volume, which can include user credentials, corporate data and system configuration.

The vulnerability is rated as requiring physical access (AV:P), with low attack complexity (AC:L) and no user interaction (UI:N). A physical attack vector means the relevant scenarios are lost, stolen or unattended devices, which is exactly the threat BitLocker exists to address.

Affected platforms are Windows 10 (versions 1607, 21H2 and 22H2), Windows 11 (versions 22H2, 23H2 and 24H2) and Windows Server 2016, 2022 and 2025. Microsoft has released fixes; the patched builds named for three of the affected versions are Windows 10 22H2 (10.0.19045.6093), Windows 11 23H2 (10.0.22631.5624) and Windows Server 2025 (10.0.26100.4652). Organizations should apply these updates through their standard patch management process and verify afterwards that each affected system is running a build at or above the patched build for its version. Until the updates are deployed across the estate, regular security audits and monitoring for unauthorized access attempts provide an additional layer of protection.

The vulnerability was discovered by Alon Leviev and Netanel Ben Simon of Microsoft's Offensive Research & Security Engineering (MORSE) team, an example of the value of internal security research.
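To verify remediation on a host, the following PowerShell script is an added example (not code from the article or from Microsoft). It reads the installed build from the registry, compares it against the patched builds quoted above, and lists each BitLocker volume's protection status and key protector types. The patched-build table only covers the three builds the article names; the other affected versions must be added from Microsoft's own advisory, and the note about TPM-only protectors is a general hardening consideration for physical-access threats, not something the article states.

```powershell
# Added example (not from the article): check that this Windows host is at or above the
# patched build quoted in the article for its version, and report BitLocker status.
# Run in an elevated PowerShell session. Requires the BitLocker module (Get-BitLockerVolume).

# Minimum patched builds quoted in the article, keyed by CurrentBuildNumber.
# Windows 11 22H2/24H2 and Server 2016/2022 are also affected, but their patched build
# numbers are not given in the article, so they are not listed here (assumption: fill them
# in from the Microsoft advisory for your environment).
$PatchedBuilds = @{
    '19045' = [version]'10.0.19045.6093'   # Windows 10 22H2
    '22631' = [version]'10.0.22631.5624'   # Windows 11 23H2
    '26100' = [version]'10.0.26100.4652'   # Windows Server 2025 (Windows 11 24H2 shares the 26100 build line)
}

function Get-OsBuildVersion {
    # CurrentBuildNumber plus UBR (Update Build Revision) gives the full build, e.g. 19045.6093.
    $nt = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $display = if ($nt.DisplayVersion) { $nt.DisplayVersion } else { $nt.ReleaseId }  # older builds only have ReleaseId
    [pscustomobject]@{
        DisplayVersion = $display
        Build          = [string]$nt.CurrentBuildNumber
        Version        = [version]('{0}.{1}.{2}.{3}' -f $nt.CurrentMajorVersionNumber,
                                                        $nt.CurrentMinorVersionNumber,
                                                        $nt.CurrentBuildNumber,
                                                        $nt.UBR)
    }
}

function Test-PatchedBuild {
    param([Parameter(Mandatory)]$Os)
    $required = $PatchedBuilds[$Os.Build]
    if (-not $required) {
        # Build line not in our table: cannot decide, report it rather than guess.
        return [pscustomobject]@{ Status = 'Unknown'; Installed = $Os.Version; Required = $null }
    }
    # [version] comparison is numeric per component, so 19045.6093 -ge 19045.6093 is true
    # and 19045.5965 -ge 19045.6093 is false.
    $status = if ($Os.Version -ge $required) { 'Patched' } else { 'Vulnerable' }
    [pscustomobject]@{ Status = $status; Installed = $Os.Version; Required = $required }
}

$os    = Get-OsBuildVersion
$patch = Test-PatchedBuild -Os $os
$line  = "Windows $($os.DisplayVersion) build $($os.Version): $($patch.Status)"
if ($patch.Required) { $line += " (patched build is $($patch.Required))" }
Write-Output $line

# BitLocker status per volume: whether protection is on and which key protectors exist.
# Against a physical-access attacker, a volume protected by TPM only (no pre-boot PIN) is
# weaker than TpmPin; that is a separate hardening decision, not a fix for this bug.
Get-BitLockerVolume | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        Mount      = $_.MountPoint
        Protection = $_.ProtectionStatus
        Encrypted  = "$($_.EncryptionPercentage)%"
        Protectors = ($types -join ',')
        TpmOnly    = ($types -contains 'Tpm') -and -not ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey')
    }
} | Format-Table -AutoSize
```

For fleet-wide verification, run the build check through your management tooling and treat any host reporting Vulnerable or Unknown as unpatched until its build line has been confirmed against the advisory.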
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Jul 2025 12:50:14 +0000