BitLocker Security Feature Bypass Vulnerability - CVE-2024-20666ID: oval:org.secpod.oval:def:96653 | Date: (C)2024-01-10 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
BitLocker Security Feature Bypass Vulnerability. A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data. The exploit is only possible with the winre.wim on the recovery partition of the device. A BitLocker encrypted drive cannot be accessed via an arbitrary WinRE WIM file hosted on an external drive. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 11 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2022 |
Microsoft Windows Server |