Microsoft disables BitLocker security fix, advises manual mitigation


Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.

Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the targeted device.

“When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices,” the company explained in a Wednesday update. “As a result, with the release of the August 2024 security updates we are disabling this fix.”

After disabling the fix, Microsoft advises those who want to protect their systems and data against CVE-2024-38058 attacks to apply mitigation measures detailed in the KB5025885 advisory.

However, instead of deploying a security update, they’ll now have to go through a 4-stage procedure that also requires restarting the impacted device eight times. Furthermore, Microsoft warns that after applying the mitigation on devices with Secure Boot, they will no longer be able to remove it, even after reformatting the disk.

“After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied,” the company cautions.

“Please be aware of all the possible implications and test thoroughly before you apply the revocations that are outlined in this article to your device.”

During this month’s Patch Tuesday, Redmond also fixed a known issue triggered by July’s Windows security updates, which caused some Windows devices to boot into BitLocker recovery.

While this matches the firmware incompatibility issues that forced Microsoft to disable the CVE-2024-38058 fix, the company didn’t provide any information on the actual root cause or how it addressed it.

Microsoft only advised affected customers to install the latest update for their devices “as it contains important improvements and issue resolutions, including this one,” without linking the bug or its fix to the CVE-2024-38058 vulnerability in any way.



Source link