SB2026061214 - Multiple vulnerabilities in Microsoft Windows BitLocker
Published: June 12, 2026
Description
This security bulletin contains information about 3 vulnerabilities.
1) Protection Mechanism Failure (CVE-ID: CVE-2026-45655)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in Windows BitLocker. An attacker with physical access can bypass implemented security restrictions and gain access to sensitive information on the system.
2) Missing Authentication for Critical Function (CVE-ID: CVE-2026-50507)
CWE-ID: CWE-306 - Missing Authentication for Critical Function
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in Windows BitLocker. An attacker with physical access can bypass implemented security restrictions on the system.
3) Improper Access Control (CVE-ID: CVE-2026-45658)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Windows BitLocker. A local user can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install the update from the vendor's website.