Windows BitLocker Bug Leaks AES-XTS Encryption
Blog post from SSOJet
A reported vulnerability in BitLocker, identified by computer forensics expert Maxim Suhanov, stems from a design flaw: modifying a registry key disables the dumpfve.sys crash dump filter driver, which leads to an unencrypted hibernation file being created on disk. That file may contain sensitive data from RAM, such as passwords and encryption keys. The vulnerability is particularly concerning where a device is physically accessible, for example in corporate espionage or data recovery abuse, where attackers with sufficient technical expertise could exploit the flaw on devices protected by BitLocker.

Microsoft has addressed the issue by releasing an update for the fvevol.sys driver. The update ensures that dumpfve.sys remains listed in the DumpFilters registry value and prevents unencrypted data from being written to disk if the driver is missing or corrupt. Users are urged to install this patch immediately and to strengthen their protections against physical access threats.
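The condition the fix enforces can also be audited on an endpoint. The following PowerShell check is an added example, not code from Microsoft or from the original post; the registry key path and the driver file location are assumptions that the post does not state.

```powershell
# Added example: audits that the BitLocker crash dump filter is registered and intact.
# Assumptions (not from the post): the registry key path and the driver file location.
$key        = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$driver     = 'dumpfve.sys'
$driverPath = Join-Path $env:SystemRoot "System32\drivers\$driver"

function Test-DumpFilterEntry {
    param([string[]]$Entries, [string]$Name)
    # Entries can be bare file names or full paths; compare the leaf name, ignoring case.
    foreach ($entry in $Entries) {
        if ($entry -and ((Split-Path -Leaf $entry.Trim()) -ieq $Name)) { return $true }
    }
    return $false
}

# A missing value yields $null, which is reported as "not listed" rather than an error.
$props   = Get-ItemProperty -Path $key -Name DumpFilters -ErrorAction SilentlyContinue
$filters = @($props.DumpFilters)
$listed  = Test-DumpFilterEntry -Entries $filters -Name $driver

# "Missing or corrupt" driver file: check presence, then the Authenticode status.
$present   = Test-Path -LiteralPath $driverPath -PathType Leaf
$sigStatus = if ($present) {
    (Get-AuthenticodeSignature -FilePath $driverPath).Status.ToString()
} else { 'FileMissing' }

$result = [pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    DumpFilters     = ($filters | Where-Object { $_ }) -join ', '
    FilterListed    = $listed
    DriverPresent   = $present
    SignatureStatus = $sigStatus
    Healthy         = ($listed -and $present -and ($sigStatus -eq 'Valid'))
}
$result | Format-List

# Non-zero exit lets a management agent or scheduled task flag the host.
if (-not $result.Healthy) { exit 1 }
```

A host that reports `Healthy : False` should be checked for the fvevol.sys update and for unexpected changes to the crash dump configuration.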