Article Details
Scrape Timestamp (UTC): 2024-08-15 15:29:21.036
Original Article Text
Click to Toggle View
Microsoft disables BitLocker security fix, advises manual mitigation. Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the targeted device. "When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices," the company explained in a Wednesday update. "As a result, with the release of the August 2024 security updates we are disabling this fix." After disabling the fix, Microsoft advises those who want to protect their systems and data against CVE-2024-38058 attacks to apply mitigation measures detailed in the KB5025885 advisory. However, instead of deploying a security update, they'll now have to go through a 4-stage procedure that also requires restarting the impacted device eight times. Furthermore, Microsoft warns that after applying the mitigation on devices with Secure Boot, they will no longer be able to remove it, even after reformatting the disk. "After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied," the company cautions. "Please be aware of all the possible implications and test thoroughly before you apply the revocations that are outlined in this article to your device." During this month's Patch Tuesday, Redmond also fixed a known issue triggered by July's Windows security updates, which caused some Windows devices to boot into BitLocker recovery. While this matches the firmware incompatibility issues that forced Microsoft to disable the CVE-2024-38058 fix, the company didn't provide any information on the actual root cause or how it addressed it. Microsoft only advised affected customers to install the latest update for their devices "as it contains important improvements and issue resolutions, including this one," without linking the bug or its fix to the CVE-2024-38058 vulnerability in any way.
Daily Brief Summary
Microsoft recently disabled a security update meant to fix a BitLocker bypass vulnerability (CVE-2024-38058) due to causing firmware incompatibility issues.
Users reported that applying the BitLocker fix forced devices into recovery mode, prompting Microsoft to retract the fix in the August 2024 security release.
The vulnerability allows attackers with physical access to bypass the BitLocker Device Encryption feature and access encrypted data.
Microsoft recommends a 4-stage manual mitigation procedure, which includes restarting the impacted devices eight times, as an alternative to the disabled fix.
Once the suggested mitigation is implemented on devices using Secure Boot, it cannot be reversed, even if the disk is reformatted.
Microsoft warns users of the irreversible nature of the mitigation and advises extensive testing before applying.
During the same month, Microsoft fixed another issue related to a previous update that also caused devices to boot into BitLocker recovery mode, although it was not directly linked to CVE-2024-38058.