• Bitlocker encrypted access bypassed

    Home » Forums » Outside the box » Rumors and what-ifs » Bitlocker encrypted access bypassed

    Tags:

    Author
    Topic
    Microfix
    AskWoody MVP
    December 31, 2024 at 12:31 pm #2730212

    Ever wondered how some gain access to encrypted Windows storage without knowing the bitlocker password? ahem..

    Someone was able to do just that, using a Windows vulnerability CVE-2023-21563 originally from 2022, with a modified Linux system to access an encrypted Bitlocker drive under a current and fully patched Windows 11 without knowing the bitlocker recovery key!!

    The key required to mount/ encrypt/ decrypt the Bitlocker drive was extracted from a Windows memory dump file using a Linux device connected via LAN to Windows 11 using Secure Boot allowing full access and readability of the encrypted drive.
    /facepalm

    That CVE above was also supposedly fixed again in the January 2023 CU:
    https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21563

    Read more about this over on:
    https://borncity.com/win/2024/12/31/38c3-bitlocker-bypassed-via-vulnerabilities-dec-2024/#more-36760

    If debian is good enough for NASA...
    8 users thanked author for this post.
    Myst, Cybertooth, windbg, TechTango, Alex5723, Elly, Sky, satrow
    Reply | Quote
    Viewing 3 reply threads
    Author
    Replies
    • Mike
      Guest
      December 31, 2024 at 4:52 pm #2730261

      The tip of the iceberg in the new world of feel good security.

      Reply | Quote
    • Paul T
      AskWoody MVP
      December 31, 2024 at 4:54 pm #2730263
      Mike wrote:

      new world of feel good security

      No such thing, never has been.

      cheers, Paul

      Reply | Quote
    • Mike
      Guest
      December 31, 2024 at 5:48 pm #2730267

      Wait until you really start digging into the implementation details of “Post quantum cryptography” algorithms 🙂

      Reply | Quote
    • b
      AskWoody_MVP
      December 31, 2024 at 7:13 pm #2730289
      Microfix wrote:

      The key required to mount/ encrypt/ decrypt the Bitlocker drive was extracted from a Windows memory dump file using a Linux device connected via LAN to Windows 11 using Secure Boot allowing full access and readability of the encrypted drive.

      Attack fails if a start-up PIN has been set for Bitlocker:

      Memory remanence

      For scenarios requiring protection against these advanced attacks, configure a TPM+PIN protector,

      BitLocker countermeasures

      Confirmed at 36:00 and 50:20 of the demo presentation video.

      1 user thanked author for this post.
      Paul T
      Reply | Quote
    Viewing 3 reply threads
    Reply To: Bitlocker encrypted access bypassed

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.