Critical BitLocker Flaw Enables Full Encryption Bypass on Latest Windows 11



A concerning security flaw in Microsoft's BitLocker encryption technology has been demonstrated to completely bypass data protection on fully-updated Windows 11 systems, even those using Secure Boot and TPM security features.

Security researcher Thomas Lambertz revealed the exploit at the recent Chaos Communication Congress, showing how an old vulnerability known as "bitpixie" (CVE-2023-21563) can still be weaponized despite Microsoft's previous attempts to patch it.

The attack allows unauthorized access to BitLocker-encrypted drives by exploiting Windows' boot process. By leveraging Secure Boot to load an outdated, still-signed Windows bootloader, attackers can extract the volume encryption key from system memory and then read all protected data from a Linux environment.

While the exploit requires physical access to the target computer and a network connection, it poses particular risks for enterprise environments where BitLocker is widely deployed to protect corporate data. The vulnerability is especially problematic for systems using the default "Device Encryption" mode, which doesn't require additional password authentication.
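Because the TPM-only "Device Encryption" configuration is the one singled out above, the first thing an administrator will want is an inventory of which volumes rely on it. The following audit script is an added example, not code from the article or from the researcher; it assumes the built-in BitLocker PowerShell module and an elevated session.

```powershell
# Added audit example (not from the article): report BitLocker volumes whose
# pre-boot protection is a bare TPM protector, i.e. no PIN or startup key is
# required before the key is released to the boot loader.
# Assumes the built-in BitLocker module (Get-BitLockerVolume) and an elevated shell.
function Get-TpmOnlyBitLockerVolumes {
    foreach ($vol in Get-BitLockerVolume) {
        # Only volumes that are actually protected are of interest.
        if ($vol.ProtectionStatus -ne 'On') { continue }

        # Collect the protector type names as strings for simple comparison.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Protector types that add a pre-boot second factor on top of the TPM.
        $secondFactor = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
        $hasSecondFactor = $types | Where-Object { $_ -in $secondFactor }

        if (('Tpm' -in $types) -and -not $hasSecondFactor) {
            [pscustomobject]@{
                MountPoint = $vol.MountPoint
                Protectors = ($types -join ', ')
                Finding    = 'TPM-only: no pre-boot PIN or startup key'
            }
        }
    }
}

# Usage: list every flagged volume on this machine.
Get-TpmOnlyBitLockerVolumes | Format-Table -AutoSize
```

Volumes reported here can be given a pre-boot PIN with `Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector` once the "Require additional authentication at startup" policy permits it; confirm the policy settings for your environment before rolling this out.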

"This BitLocker configuration has been broken for a while," Lambertz noted during his presentation, explaining that the encryption can be compromised through both hardware and software attack vectors.

The revelation raises serious questions about the security of BitLocker, Microsoft's full-disk encryption feature that has been included since Windows Vista. Despite using advanced AES encryption algorithms, the technology appears vulnerable to sophisticated bypass techniques.

Microsoft has been aware of the underlying vulnerability since 2022 but has not successfully resolved the security gap. The persistent flaw is particularly concerning given that BitLocker encryption is now enabled by default on newer Windows 11 installations.

The detailed technical presentation included explanations of how Secure Boot and TPM security features operate, along with the role of PXE boot and BCD bootloaders in the exploitation process.

This development serves as a reminder that even modern security features can be circumvented by resourceful attackers, potentially leaving sensitive data exposed despite apparent protection measures.