Attack Overview
Security researchers have demonstrated a new attack technique called “BitUnlocker” that can bypass Windows 11 BitLocker encryption in approximately five minutes. The method exploits a downgrade attack vector, forcing the system to revert to a less secure encryption mode that can be more easily cracked. This allows an attacker with physical access to gain unauthorized entry to encrypted disks and read protected data.
Impact and Scope
The attack targets the core of Microsoft’s full disk encryption system used in Windows 11 Pro and Enterprise editions. While the attacker needs physical access to the device, the short time required for the exploit makes it a serious concern for laptops and portable devices in corporate environments. Microsoft has been notified and is working on a security update. Users are advised to enable additional protections such as requiring a PIN at startup and disabling Standby power states. For further details on this vulnerability, refer to the tracking identifier at cve.org.
Mitigation Guidance
Organizations should review their BitLocker deployment configurations, particularly around the use of hardware security modules and pre-boot authentication. Enabling the use of a PIN or USB key at boot time can add an extra layer of defense against this style of downgrade attack. Administrators should also monitor for any Microsoft security patches addressing this specific issue and apply them promptly.
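The following read-only PowerShell audit is an added example, not code from the original article or from Microsoft. It checks the two settings recommended above (pre-boot PIN or startup key, and disabled standby states) on the local machine. It assumes an elevated session and that these settings are delivered through Group Policy, so it reads only the policy registry keys; settings applied through MDM or local power plans will not appear there.

```powershell
#Requires -RunAsAdministrator
# Added audit example (not from the article). Reports only; changes nothing.

# Protector types that require user interaction before the volume key is released.
$preBoot = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

# 1. OS volumes: is protection on, and is a PIN or startup key protector present?
$volumes = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' |
    ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        [pscustomobject]@{
            MountPoint  = $_.MountPoint
            Protection  = "$($_.ProtectionStatus)"
            Protectors  = $types -join ', '
            PreBootAuth = [bool]($types | Where-Object { $_ -in $preBoot })
        }
    }

# 2. Policy "Require additional authentication at startup":
#    UseAdvancedStartup = 1 with UseTPM = 0 means TPM-only unlock is not allowed.
$fve = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$tpmOnlyBlocked = ($fve.UseAdvancedStartup -eq 1) -and ($fve.UseTPM -eq 0)

# 3. Policy "Allow standby states (S1-S3) when sleeping": 0 = standby disabled.
$pwrKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\' +
          'abfc2519-3608-4c2a-94ea-171b0ed546ab'
$pwr = Get-ItemProperty $pwrKey -ErrorAction SilentlyContinue
$standbyOff = ($pwr.ACSettingIndex -eq 0) -and ($pwr.DCSettingIndex -eq 0)

# Collect findings so the result can be logged or piped to a report.
$findings = @()
foreach ($v in $volumes) {
    if ($v.Protection -ne 'On') {
        $findings += "$($v.MountPoint): BitLocker protection is not on"
    } elseif (-not $v.PreBootAuth) {
        $findings += "$($v.MountPoint): no PIN or startup key ($($v.Protectors))"
    }
}
if (-not $tpmOnlyBlocked) { $findings += 'Policy does not block TPM-only startup' }
if (-not $standbyOff)     { $findings += 'Policy does not disable standby (S1-S3)' }

$volumes | Format-Table -AutoSize
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { 'No findings: pre-boot authentication and standby policy are set.' }
```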
Source: Cyber Security News

