August 15, 2024 at 11:34AM
Microsoft disabled a BitLocker vulnerability fix due to firmware incompatibility, causing devices to enter recovery mode. The CVE-2024-38058 flaw allows attackers to bypass BitLocker encryption and access data. To mitigate the issue, users must follow a complex 4-stage process and may face limitations. Microsoft didn’t address the root cause, urging users to install the latest update.
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability because firmware incompatibility issues caused patched Windows devices to enter BitLocker recovery mode. This severe security flaw, tracked as CVE-2024-38058, allows an attacker with physical access to the targeted device to bypass BitLocker encryption and access encrypted data.
In response to the disabled fix, Microsoft advises affected users to apply the mitigation measures detailed in the KB5025885 advisory. However, the mitigation is a 4-stage process that requires restarting the impacted device eight times, and Microsoft warns that on devices using Secure Boot the mitigation can no longer be removed once applied, even after reformatting the disk.
Additionally, Microsoft has fixed a known issue related to July’s Windows security updates, which caused some devices to boot into BitLocker recovery. However, it is not clear if this issue is related to the firmware incompatibility that led to the disabling of the CVE-2024-38058 fix.
Overall, affected users should be aware of the implications of applying the mitigation measures, thoroughly test the procedure before rolling it out, and stay current with the latest device updates for improvements and issue resolutions.