The BitLocker encryption feature was introduced by Microsoft in Windows Vista to ensure data security. It turns out that a long-standing BitLocker vulnerability, which allows hackers to bypass the security mechanism, is still relevant, even though Microsoft has released a patch for it.


This became known at the recent Chaos Communication Congress, where hacker Thomas Lambertz showed how to exploit an old, supposedly fixed vulnerability in Microsoft's encryption technology. Notably, he was able to do this on a device running a fresh version of Windows 11 with the latest security updates installed.

The vulnerability in question is CVE-2023-21563, named “bitpixie”, which became known in 2022. It seems that Microsoft has never been able to completely solve this problem. Exploiting the vulnerability allows an attacker to bypass the encryption function and gain full access to the data, although this requires physical access to the attacked device.

To exploit the vulnerability, Lambertz used Secure Boot technology, thanks to which he was able to launch an old version of the Windows boot loader. This approach allowed him to get the encryption key into memory and then use Linux to extract it from memory. For ordinary users, this problem is not very relevant. However, in the corporate segment, BitLocker is used much more often, and in current builds of Windows 11, the encryption function is enabled by default. This means that similar attacks could be used by hackers to extract and decrypt data from corporate Windows 11 devices.
