Attack bypasses BitLocker using Windows Recovery Environment

BitLocker is intended to protect confidential data from physical attacks. The Windows Recovery Environment bypasses the protection.

Stylized lock symbol on glowing circuit traces

(Image: wk1003mike/Shutterstock.com)


Microsoft added full-volume encryption to Windows with BitLocker, which is also meant to withstand physical attacks, for example when a device is stolen. Vulnerabilities keep surfacing nonetheless, for instance by reading the secrets out of the computer's TPM. Another variant that currently works on a wide range of systems relies on the Windows Recovery Environment (WinRE).

Microsoft itself most recently documented such WinRE-based attacks in May 2025 under the name "BitUnlocker" and released updates that are supposed to protect against them. IT researchers from Intrinsec have now found a way to circumvent that protection, once again via WinRE. For the practical relevance of the attacks it is important to note that physical access to the device is required to bypass BitLocker encryption.

According to the researchers, the attack chain Microsoft described starts with the boot manager loading a System Deployment Image (SDI) and the WIM file (Windows Imaging Format) referenced inside it, and verifying the integrity of that WIM. If an attacker adds a second WIM entry to the SDI's blob table, the boot manager verifies the first WIM but loads the second, attacker-controlled one without checking it. That second WIM contains a WinRE image that launches cmd.exe, which then provides access to the decrypted BitLocker volume. In the widely used auto-unlock configuration (TPM-only protector, no PIN) BitLocker has already released the volume at boot because the boot chain passed its integrity checks (CVE-2025-48804, CVSS 6.8, rated "medium").

In July 2025, Microsoft distributed an updated boot manager intended to fix the problem. It is signed with either the Microsoft Windows Production PCA 2011 or the Windows UEFI CA 2023 Secure Boot certificate. The newly found weakness is that Secure Boot only validates the signature on a binary, not its version. A vulnerable pre-update "bootmgfw.efi" signed with the PCA 2011 certificate can therefore still be launched: from Secure Boot's point of view it is exactly as valid as the patched version.

Secure Boot certificates cannot simply be revoked, as the expiry of the old 2011 certificates also shows. Microsoft is working hard to roll out the new certificates and offers extensive assistance, especially for administrators of corporate networks, so that the migration can be completed quickly. As long as the updated certificates have not been distributed and the outdated ones have not been revoked, an attack with an old boot manager (a downgrade attack) remains possible. The researchers have also published a proof of concept (PoC) on GitHub that demonstrates the vulnerability. The attack takes only minutes and requires no special equipment: a USB stick and physical access are enough.


To improve protection against such attacks, the security researchers recommend enabling a pre-boot PIN (TPM+PIN); this blocks most BitLocker attacks and is the only measure that reliably protects against this one. Microsoft also recommends migrating the boot manager to the CA 2023 certificate and revoking the old PCA 2011 certificate; Microsoft guidance from 2023 explains the procedure, which also enables version tracking via the Secure Version Number (SVN). Because these countermeasures are somewhat cumbersome, they are not yet widespread.
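The following PowerShell audit is an added example, not code from the article, from Microsoft or from the Intrinsec PoC. It checks a host for the three conditions the downgrade attack described above relies on: whether the PCA 2011 certificate is still trusted (not in DBX) and the CA 2023 certificate is present in the UEFI db, which CA signed the bootmgfw.efi currently on the EFI System Partition, and whether the OS volume is unlocked by a TPM-only protector rather than TPM+PIN. It assumes the drive letter S: is free for mounting the ESP, and that the "Servicing" registry values exist under the names Microsoft uses in its KB5025885 Secure Boot guidance (they may be absent on hosts that have not received the servicing updates).

```powershell
# Added audit script (not part of the heise article or the Intrinsec PoC).
# Run from an elevated PowerShell on the machine to be checked.
#Requires -RunAsAdministrator

function Get-SecureBootCaState {
    # db/dbx are EFI signature lists holding DER certificates; CA names are ASCII inside the DER.
    $state = [ordered]@{}
    $state.SecureBootEnabled = Confirm-SecureBootUEFI
    $db  = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $dbx = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    $state.CA2023InDb     = [bool]($db  -match 'Windows UEFI CA 2023')
    $state.PCA2011InDb    = [bool]($db  -match 'Microsoft Windows Production PCA 2011')
    $state.PCA2011Revoked = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')

    # Assumption: servicing status value as named in Microsoft's KB5025885 guidance.
    $svc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing' `
               -ErrorAction SilentlyContinue
    $state.UEFICA2023Status = $svc.UEFICA2023Status
    [pscustomobject]$state
}

function Get-BootManagerSigner {
    param([string]$EspDriveLetter = 'S')   # assumption: S: is not in use
    # mountvol /S mounts the EFI System Partition; /D dismounts it again.
    mountvol "${EspDriveLetter}:" /S | Out-Null
    try {
        $bm  = "${EspDriveLetter}:\EFI\Microsoft\Boot\bootmgfw.efi"
        $sig = Get-AuthenticodeSignature -FilePath $bm
        [pscustomobject]@{
            File            = $bm
            SignatureStatus = $sig.Status
            Issuer          = $sig.SignerCertificate.Issuer
            FileVersion     = (Get-Item $bm).VersionInfo.FileVersion
            SignedByPCA2011 = [bool]($sig.SignerCertificate.Issuer -match 'Production PCA 2011')
        }
    } finally {
        mountvol "${EspDriveLetter}:" /D | Out-Null
    }
}

function Get-OsVolumeProtectorState {
    # TPM-only ("auto-unlock") means the VMK is released without any user secret at boot.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector.KeyProtectorType)
    $pin   = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
    [pscustomobject]@{
        Volume            = $vol.MountPoint
        ProtectionStatus  = $vol.ProtectionStatus
        Protectors        = ($types -join ', ')
        TpmOnlyAutoUnlock = ($types -contains 'Tpm') -and -not $pin
    }
}

$ca = Get-SecureBootCaState
$bm = Get-BootManagerSigner
$bl = Get-OsVolumeProtectorState
$ca, $bm, $bl | Format-List

# Exposure per the article: TPM-only unlock plus a still-trusted PCA 2011 certificate.
# The CA that signed the installed boot manager does not matter, because an attacker
# can bring an older PCA-2011-signed bootmgfw.efi on a USB stick.
if ($bl.TpmOnlyAutoUnlock -and -not $ca.PCA2011Revoked) {
    Write-Warning 'Exposed: TPM-only auto-unlock and PCA 2011 still trusted (not in DBX).'
    Write-Warning 'A downgraded PCA-2011-signed bootmgfw.efi would pass Secure Boot on this host.'
}
```

If the script reports exposure, the remediation the researchers recommend is to add a pre-boot PIN, for example with Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'PIN'); depending on policy, the "Require additional authentication at startup" Group Policy setting must permit a PIN first. Revoking PCA 2011 (placing it in DBX) and moving to a CA 2023-signed boot manager follow Microsoft's KB5025885 procedure and should be staged carefully, since a host whose firmware or boot media still depends on PCA 2011 will no longer boot once that certificate is revoked.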

The attack should be resolved once the old PCA 2011 certificates expire in October 2026. Either way, it shows once again that the migration to the new Secure Boot certificates should not be delayed.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.