Forum Discussion

GKrembsler's avatar
GKrembsler
Copper Contributor
Jan 12, 2023

CVE 2022 41099

Hi, As a CISO and security consultant, I want to know the extent of the impact of this vulnerability. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099 My current understanding ...
microsoft defender for endpoint
security
GKrembsler's avatar
GKrembsler
Copper Contributor
Jan 15, 2023

PeterRising,
Yes Peter - i know them all searching for answers.
There's two issues:
1st - how to patch WinRE - this is something i can handle. There's also a script on github going a different way and copying a patched wim-file to replace the unpatched version directly in the partition. But this all is not a solution as if am able to replace the wim directly everybody can extract the unpatched version out of any iso image in any version.

2nd - if this is the problem i can see, this is a high Risk in my risk table and if i go through all the options i can no longer trust bitlocker!

To say something about this risk i'd need info about the attack itself. Without, i can not make any trustworthy comment. If the issue is build into the wim, there's no way to prevent one to mount this wim on a separate disk, boot the computer and use it to crack bitlocker. So neither disabling the WinRE nor deleting it from the HD will be a solution.

If this becomes true, we have a really big problem with nearly every windows computer.

I hope microsoft will give info about the attack itself. If not we can only "guess" and in this case my reaction as CISO would be to disable any Bitlocker and replace it with a differens solution.

Non encrypted disks on a computer is no way ...

hipslu's avatar
hipslu
Copper Contributor
Jan 17, 2023
in my understanding, blocking booting from external media and requiring a pin (pre boot auth) would be needed to be on the safe side again - what do you think?