2025-01-31 03:53:13 Pacfic
Windows BitLocker Vulnerability Exposed via Randomization Attack - 8d
A critical vulnerability has been discovered in Windows BitLocker (CVE-2025-21210), which leaves the encryption susceptible to a randomization attack. Attackers with physical access can exploit this flaw to manipulate ciphertext blocks, potentially exposing sensitive data stored on disk in plaintext. This vulnerability, referred to as bitpixie, stems from the ability to downgrade the Windows Boot Manager, and only requires the attacker to connect a LAN cable and keyboard to decrypt the disk.
There is also evidence that TPM-equipped devices are experiencing issues, triggering warnings after BitLocker is enabled. These vulnerabilities are present even on fully updated Windows 11 systems, where device encryption is enabled and Secure Boot is active with locked BIOS/UEFI settings. Although ready-made tools to exploit this bug aren’t widely available, the full details have been made public. Mitigation for affected users include using a pre-boot PIN or applying KB5025885.
ImgSrc: blogger.googleusercontent.com
References:
- Privacy Guides Community - Latest topics - Windows BitLocker -- Screwed without a Screwdriver - 9d
- neodyme.io - Breaking up-to-date Windows 11 BitLocker encryption -- on-device but software-only - 9d
- CySecurity News - Latest Information Security and Hacking Incidents - TPM-Equipped Devices Trigger Warnings Due to a Windows BitLocker Flaw - 9d
- Cyber Security News - Windows BitLocker Vulnerability(CVE-2025-21210) Exploited in Randomization Attack - 8d
Classification:
- HashTags: BitLocker Encryption WindowsSecurity
- Company: Microsoft
- Target: Windows Users
- Product: Windows BitLocker
- Feature: BitLocker Encryption
- Type: Vulnerability
- Severity: Major