Main Vulnerability Database SB2024010995

SB2024010995 - Security features bypass in Microsoft BitLocker

Published: January 9, 2024

Security Bulletin ID SB2024010995

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Security features bypass (CVE-ID: CVE-2024-20666)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to security features bypass in BitLocker. An authenticated attacker with physical access can bypass the BitLocker Device Encryption feature and gain access to encrypted data.

Remediation

Install update from vendor's website.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666