
Vulnerability in Microsoft’s BitLocker Allows Hackers to Bypass Encryption

by Joe Udo
2 January 2025
in Tech

New York, U.S. – A critical vulnerability in Microsoft’s BitLocker encryption, identified as CVE-2023-21563, has been demonstrated to allow hackers to bypass its security with minimal effort and brief physical access to a device.

Security researcher Thomas Lambertz, known as “th0mas,” revealed this flaw during a keynote at the Chaos Communication Conference titled “Windows BitLocker: Screwed without a Screwdriver.” He showcased how attackers could exploit the vulnerability without turning on the device.

The attack requires physical access to the system. By forcing the target device into recovery mode and connecting it to a network, hackers can effectively decrypt a Windows 11 system protected by BitLocker encryption.

This discovery highlights significant risks for systems relying on BitLocker to protect sensitive data, particularly in environments where physical access to devices is not strictly controlled. Microsoft has not yet announced a specific fix for this vulnerability.

Security experts urge users and organisations to enhance physical security measures for devices and monitor Microsoft’s updates for potential patches to address this critical issue.


Microsoft fixed the CVE-2023-21563 vulnerability in 2022, but this demonstration shows that it has not been completely fixed. BitLocker enables the “Device Encryption” feature by default in newer Windows 11 systems. The hard disk is encrypted at rest, but it is automatically decrypted when the legitimate Windows system is started.

Lambertz used an attack method called “bitpixie” to run an old version of the Windows boot loader through Secure Boot, extract the encryption key into memory, and then use a Linux system to read the memory contents and finally obtain the BitLocker key.


Microsoft has long been aware of the problem. The permanent solution is to revoke the certificate of the vulnerable boot loader, but the memory space used to store certificates in UEFI firmware is limited, so it is difficult to fully defend against the attack in the short term. Microsoft plans to distribute new Secure Boot certificates starting in 2026, which will force motherboard manufacturers to update UEFI.

Previously, users could only protect themselves by backing BitLocker with a personal PIN or by disabling network access in the BIOS.

Lambertz warned that even a simple USB network adapter is enough to perform this attack. For ordinary users, the risk of this attack is relatively low. But for enterprises, governments and other institutions that attach great importance to network security, only physical access and a USB network adapter are needed to decrypt BitLocker, which is undoubtedly a major security risk.
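
The PIN mitigation mentioned above can be checked on a given machine. The following PowerShell function is an added example, not part of the original article or any Microsoft tooling; it uses the built-in `Get-BitLockerVolume` cmdlet from an elevated session, and the function name and output field names are assumptions chosen for illustration.

```powershell
# Added example: report whether the OS volume unlocks at boot without user input.
# Run from an elevated PowerShell session on a Windows system with BitLocker.
function Get-BitLockerPreBootStatus {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Only the operating system volume is unlocked by the boot loader.
        if ($vol.VolumeType -ne 'OperatingSystem') { continue }

        # Collect protector type names, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        if ($vol.ProtectionStatus -ne 'On') {
            $finding = 'Protection is off'
        }
        elseif ($types -contains 'Tpm') {
            # This is the default "Device Encryption" style configuration.
            $finding = 'TPM-only protector: unlocks at boot with no user input'
        }
        elseif ($types -match '^Tpm.*Pin') {
            $finding = 'TPM with PIN: pre-boot authentication required'
        }
        else {
            $finding = 'No TPM-only protector: review protectors manually'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = "$($vol.ProtectionStatus)"
            Protectors       = $types -join ', '
            Finding          = $finding
        }
    }
}

Get-BitLockerPreBootStatus | Format-Table -AutoSize -Wrap
```

A volume reported as TPM-only is the configuration the article describes as decrypted automatically at startup; the network-boot setting in the BIOS has to be checked separately in firmware setup.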
