Microsoft Suspends BitLocker Security Patch, Recommends Manual Mitigation

August 15, 2024

Microsoft has suspended the fix for a BitLocker security feature bypass vulnerability because of firmware compatibility problems: devices that had been patched were entering BitLocker recovery mode. The flaw, tracked as CVE-2024-38058, is rated significant in severity because it allows an attacker with physical access to a device to bypass BitLocker Device Encryption and read the encrypted data.

"When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices," Microsoft stated in a recent update. Consequently, the company decided to disable this fix with the release of the August 2024 security updates.

In lieu of the fix, Microsoft is advising those who wish to safeguard their systems and data against attacks exploiting CVE-2024-38058 to apply mitigation measures outlined in the KB5025885 advisory. However, this means that instead of simply deploying a security update, users will need to follow a four-step procedure that also necessitates restarting the affected device eight times.

Microsoft also warned that once the mitigation is applied on devices with Secure Boot, it cannot be removed, even by reformatting the disk. "After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied," the company cautioned. It also urged users to understand all potential implications and thoroughly test before applying the revocations outlined in the advisory to their devices.

During the recent Patch Tuesday, Microsoft also resolved a known issue triggered by July's Windows security updates, which caused some Windows devices to boot into BitLocker recovery. Although this mirrors the firmware compatibility issues that led Microsoft to suspend the CVE-2024-38058 fix, the company did not provide any details on the actual root cause or how it was addressed. Instead, Microsoft simply advised affected customers to install the latest update for their devices as it includes important improvements and issue resolutions, without explicitly linking the bug or its fix to the CVE-2024-38058 vulnerability.
