Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode.
Tracked as CVE-2024-38058, this important severity security flaw can let attackers bypass the BitLocker Device Encryption feature and access encrypted data with physical access to the targeted device.
"When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices," the company explained in a Wednesday update. "As a result, with the release of the August 2024 security updates we are disabling this fix."
After disabling the fix, Microsoft advises those who want to protect their systems and data against CVE-2024-38058 attacks to apply mitigation measures detailed in the KB5025885 advisory.
However, instead of deploying a security update, they'll now have to go through a 4-stage procedure that also requires restarting the impacted device eight times. Furthermore, Microsoft warns that after applying the mitigation on devices with Secure Boot, they will no longer be able to remove it, even after reformatting the disk.
"After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even reformatting of the disk will not remove the revocations if they have already been applied," the company cautions.
"Please be aware of all the possible implications and test thoroughly before you apply the revocations that are outlined in this article to your device."
During this month's Patch Tuesday, Redmond also fixed a known issue triggered by July's Windows security updates, which caused some Windows devices to boot into BitLocker recovery.
While this matches the firmware incompatibility issues that forced Microsoft to disable the CVE-2024-38058 fix, the company didn't provide any information on the actual root cause or how it addressed it.
Microsoft only advised affected customers to install the latest update for their devices "as it contains important improvements and issue resolutions, including this one," without linking the bug or its fix to the CVE-2024-38058 vulnerability in any way.
Comments
NJJoe - 2 months ago
What ever happened to M$ patch testers? It's almost as if this stuff goes from the lab right out into the public with test period at all.
powerspork - 2 months ago
That's called Agile. Their products used to work because they had more QA than Dev. Then, they changed their QA approach when they made Bing and decided how they did that was better (as if Bing should ever be used as a measure of success)...
"The agile approach of combining development and testing, under the name "combined engineering" (first used in the Bing team), is also spreading. At Bing, the task of creating programmatic tests was moved onto developers, instead of dedicated testers. QA still exists and is still important, but it performs end-user style "real world" testing, not programmatic automated testing. This testing has been successful for Bing, improving the team's ability to ship changes without harming overall software quality."
https://arstechnica.com/information-technology/2014/08/how-microsoft-dragged-its-development-practices-into-the-21st-century/
I remember Windows 7 back in 2012. It was rock solid. The worst issue was having to reboot weekly for updates. We never had issues with much of anything until Windows 10 started taking off, which was about 2015. Windows 10 was always a rolling beta and it has gotten even worse. Now Windows 11 intends to double down on 10's "achievements".
But hey, look at all the cool new software they were able to make because of agile, like Paint 3d, Cortana, and baked-in advertisements.
STLblue - 2 months ago
Welcome to Agile, aka Move Fast, Break Things...