Microsoft has launched a script to make it simpler to patch a BitLocker bypass safety vulnerability within the Home windows Restoration Setting (WinRE).

This PowerShell script (KB5025175) simplifies the method of securing WinRE photos towards makes an attempt to use the CVE-2022-41099 flaw that allows attackers to bypass the BitLocker Machine Encryption function system storage gadgets.

Profitable exploitation of this permits menace actors with bodily entry to entry encrypted information in low-complexity assaults.

In line with Microsoft, the vulnerability can’t be exploited if the consumer has enabled BitLocker TPM+PIN safety.

“The pattern PowerShell script was developed by the Microsoft product crew to assist automate the updating of WinRE photos on Home windows 10 and Home windows 11 gadgets,” Microsoft says in a help doc printed on Thursday.

“Run the script with Administrator credentials in PowerShell on the affected gadgets. There are two scripts out there—which script it’s best to use depends upon the model of Home windows you’re working.”

The really helpful script model is PatchWinREScript_2004plus.ps1 which helps apply the safety updates on methods working Home windows 10 2004 and later (together with Home windows 11).

The opposite PowerShell script (PatchWinREScript_General.ps1) is much less strong and needs to be used on Home windows 10 1909 and earlier variations (though it should run on all Home windows 10 and Home windows 11 methods).

Easy methods to use the WinRE patch script

The CVE-2022-41099 patch scripts may be run from a Home windows PowerShell and permit admins to specify the trail and identify of the Secure OS Dynamic replace package deal that needs to be used to replace the WinRE picture.

These replace packages are OS-version-specific and processor architecture-specific and must be downloaded from the Microsoft Replace Catalog beforehand.

The scrips additionally enable passing a workDir parameter to pick the scratch house for use through the patching course of (if not specified, the script will use the default Home windows temp folder).

As soon as began, the script will undergo the next steps:

1. Mount the prevailing WinRE picture (WINRE.WIM).
2. Replace the WinRE picture with the required Secure OS Dynamic Replace (Compatibility Replace) package deal out there from the Home windows Replace Catalog (the newest replace out there for the model of Home windows put in on the machine is really helpful)
3. Unmount the WinRE picture.
4. If the BitLocker TPM protector is current, it reconfigures WinRE for BitLocker service.

After working the script, you’ll not be required to reboot the system to finish the WinRE picture patching course of.