Microsoft Releases PowerShell Scripts to Fix WinRE BitLocker Flaw on Windows 11 and 10

Microsoft has released new PowerShell scripts to address a BitLocker security vulnerability on Windows PCs. The PowerShell scripts are designed to automate the Windows Recovery Environment (WinRE) update process on Windows 11 and Windows 10.

BitLocker is a built-in security feature that helps users to protect data stored on their computers from unauthorized access. Once enabled, the feature requires a password or a smartcard to decrypt the entire disk or individual files or folders. BitLocker protection is particularly useful to protect sensitive data on portable devices like USB drives and Windows laptops.

Microsoft confirmed the BitLocker vulnerability (CVE-2022-41099) back in November 2022. It enables threat actors to bypass the BitLocker encryption protection to access sensitive information on vulnerable Windows devices. Microsoft released a security update to address the security flaw in January this year. However, IT admins had to manually install the update into the Windows Recovery Environment.

How to use the PowerShell scripts to address the BitLocker bypass vulnerability

Microsoft explained that the new PowerShell scripts should help administrators to automatically update WinRE images on both operating systems. The company says that IT Pros will need to run these scripts with administrative privileges to protect affected devices against cyberattacks.

Microsoft recommends enterprise admins to install the PatchWinREScript_2004plus.ps1 script on Windows 11 and Windows 10 version 2004 and newer. The company emphasized that it’s comparatively more robust than the second script.

Additionally, the PatchWinREScript_General.ps1 is designed mainly for Windows 10 version 1909 or earlier, but it can also run on Windows 11. If you’re interested, you can check out this support page to learn more about using the PowerShell scripts to update WinRE images on Windows PCs.