News: 1723646707

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Microsoft squashes bug that sent Windows devices to BitLocker recovery

(2024/08/14)


Microsoft has fixed a problem that sent affected Windows PCs scurrying into BitLocker recovery.

The [1]problem , which affected almost every supported flavor of Windows 11 and Windows 10, as well as editions of Windows Server going back to 2008, occurred after the July 2024 Windows security update was installed.

Microsoft had said at the time, "You are more likely to face this issue if you have the Device Encryption option enabled in Settings under Privacy & Security."

[2]

Entering the BitLocker recovery permitted a Windows device to boot normally, and let's face it - after the [3]CrowdStrike incident , most administrators were very aware of where their recovery keys were.

[4]

[5]

Microsoft has now fixed the problem in the August 13 update. It [6]said , "We recommend you install the latest update for your device as it contains important improvements and issue resolutions, including this one."

BitLocker is a technology that encrypts a user's storage to keep it safe from prying eyes. The technology gained worldwide notoriety in [7]July 2024 after a borked CrowdStrike update sent millions of Windows devices into a neverending blue screen boot loop, the escape from which initially required the entry of a BitLocker recovery key.

[8]

Therefore, the timing of Microsoft's [9]July 2024 security update , which could send some Windows devices into BitLocker recovery, was particularly bad.

[10]Windows Patch Tuesday update might send a user to the BitLocker recovery screen

[11]Giving Windows total recall of everything a user does is a privacy minefield

[12]Windows users left to fend for themselves after BitLocker patch bungle

[13]Raspberry Pi Pico cracks BitLocker in under a minute

BitLocker has caused headaches for administrators and Microsoft's patch team in recent months. A Windows 10 patch [14]earlier this year aimed at addressing a BitLocker bypass vulnerability left users scratching their heads at an unhelpful error message due to the Windows recovery partition not being large enough.

The tech has also been used as part of [15]ransomware by criminals to turn BitLocker against Microsoft's own users.

Ultimately, users should rarely see the BitLocker recovery mode screen unless there have been some hardware updates. It was certainly an unwelcome surprise for those users who were faced with the recovery screen after the borked security update, and one Microsoft claims has been fixed from the August 13 update. ®

Get our [16]Tech Resources



[1] https://www.theregister.com/2024/07/24/windows_update_bitlocker/

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZrzUn@w@hKS-jz6zf6tuGQAAAAo&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[3] https://www.theregister.com/2024/07/19/admin_crowdstrike_update_mess/

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrzUn@w@hKS-jz6zf6tuGQAAAAo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZrzUn@w@hKS-jz6zf6tuGQAAAAo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[6] https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23h2#3358msgdesc

[7] https://www.theregister.com/2024/07/19/azure_vms_ruined_by_crowdstrike/

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/oses&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZrzUn@w@hKS-jz6zf6tuGQAAAAo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://www.theregister.com/2024/07/24/windows_update_bitlocker/

[10] https://www.theregister.com/2024/07/24/windows_update_bitlocker/

[11] https://www.theregister.com/2024/05/22/windows_recall/

[12] https://www.theregister.com/2024/05/03/microsoft_windows_recovery_environment/

[13] https://www.theregister.com/2024/02/07/breaking_bitlocker_pi_pico/

[14] https://www.theregister.com/2024/01/12/microsoft_update_for_bitlocker_vuln/

[15] https://www.theregister.com/2024/05/23/ransomware_abuses_microsoft_bitlocker/

[16] https://whitepapers.theregister.com/



Tom Chiverton 1

"encrypts a user's storage to keep it safe from prying eyes"

Kinda-sorta?

It prevents someone without the key being able to decrypt it when powered off, e.g. by connecting to a different machine.

Once it's booted, it's decrypted and anything running on the machine can read anything e.g. malware

Is it safe...

stiine

Is it safe to assume that they've actually tested this patch-to-a-patch? Or am I way too optimistic?

It's A little Late (The Stories Still Running & Crowdstrike Were Advertising On Indeed Last Night).

The Oncoming Scorn

I'm bored at work & to the tune of Never Ending Story by Limahl.

Crowdstrikes fucked around

Take a look at what I see

on all the users screens

A nightmare of my dreams

Bitlockers everywhere

Became a fucking blight

Finding keys written down

Is the answer to a Neverending bootup

ARGGGHHHHHHHHhhhh

Find the keys

That's not as easy as it seems

Swear a lot

It's Friday & now it's half past 3

Drives that keep their secrets

Files weren't uploaded to the cloud

And somewhere there's a envelope

With the answer to a Neverending bootup

ARGGGHHHHHHHHhhhh

Boootup

ARGGGHHHHHHHHhhhh

Got no beer

its midnight, the issues not gone away

In your hand

yet another badly scribbled key

Drives that keep their secrets

Files that weren't uploaded to the cloud

And somewhere there's a envelope

with the answer to a Neverending bootup

ARGGGHHHHHHHHhhhh

Neverending bootup

ARGGGHHHHHHHHhhhh

Neverending bootup

ARGGGHHHHHHHHhhhh

Neverending bootup

ARGGGHHHHHHHHhhhh

Neverending bootup

[ ] Safeguard this message - it is an important historical document.
[ ] Delete after reading -- Subversive Literature.
[ ] Ignore and go back to what you were doing.