Protection Mechanism Failure in Microsoft BitLocker
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-38058 |
| CWE-ID | CWE-693 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Protection Mechanism Failure
EUVDB-ID: #VU94051
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38058
CWE-ID:
CWE-693 - Protection Mechanism Failure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures BitLocker. An attacker with physical access can bypass implemented security restrictions and gain access to encrypted data.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before 11 23H2 10.0.22631.3880
Windows Server: before
CPE2.3 External linkshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38058
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
