Windows BitLocker Vulnerability: Bypassing Encryption Without a Screwdriver

2025-01-18

A critical vulnerability in Windows BitLocker allows attackers to extract the disk encryption key without physical access to the machine's internals, requiring only a network connection and a keyboard. The vulnerability exploits a flaw in the Windows Boot Manager, enabling attackers to downgrade to a vulnerable version and bypass Secure Boot. Although the flaw was patched in late 2022, a design flaw in the Secure Boot standard allows exploitation to persist. The article details the exploit, including a PXE boot into a downgraded bootloader, manipulation of the Boot Configuration Data (BCD) to trigger a soft reboot, and memory scanning for the Volume Master Key (VMK) using a Linux exploit. Mitigation strategies, such as enabling a pre-boot PIN or applying KB5025885, are outlined.
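The mitigation the article names, a pre-boot PIN, only helps on volumes that currently rely on a TPM-only protector. The following audit script is an added example, not code from the original article; it assumes an elevated PowerShell session on Windows with the built-in BitLocker module, and the function names `Get-BitLockerPinAudit` and `Get-SecureBootState` are my own.

```powershell
# Added defender-side audit (not from the original article): list each BitLocker
# volume's key protectors and flag OS volumes unlocked by a TPM-only protector,
# i.e. without a pre-boot PIN, which is the mitigation the article recommends.
# Assumes an elevated PowerShell session on Windows with the BitLocker module.
#Requires -RunAsAdministrator

function Get-BitLockerPinAudit {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Protector types that bind unlock to the TPM *and* a user-supplied secret.
        $hasPin  = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $tpmOnly = ($types -contains 'Tpm') -and (-not $hasPin)

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType        # OperatingSystem or Data
            ProtectionStatus = $vol.ProtectionStatus  # On / Off
            Protectors       = ($types -join ', ')
            # Only the OS volume is unlocked by the boot manager before Windows
            # starts, so only it sits on the pre-boot attack path described above.
            ExposedToTpmOnlyBypass = ($vol.VolumeType -eq 'OperatingSystem') -and $tpmOnly
        }
    }
}

# Secure Boot must be on for the bootloader revocation guidance to matter at all.
function Get-SecureBootState {
    try { Confirm-SecureBootUEFI } catch { 'Unsupported or not UEFI' }
}

Get-BitLockerPinAudit | Format-Table -AutoSize
"Secure Boot enabled: $(Get-SecureBootState)"
```

A volume reported with `ExposedToTpmOnlyBypass = True` is where adding a TPM+PIN protector applies; the other mitigation the article names, the KB5025885 boot manager revocations, is not checked by this script.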