Microsoft researchers detail BitLocker bypass chain in WinRE, patches shipped in July
Microsoft’s internal STORM team has disclosed four Windows Recovery Environment flaws that, when combined, allowed an attacker with physical access to bypass BitLocker full volume encryption. The vulnerabilities, collectively dubbed BitUnlocker, were fixed in the July 2025 security update. Enterprises that rely on BitLocker for device loss, theft or seizure scenarios should prioritise deployment and hardening.
BitLocker depends on WinRE for legitimate recovery. Architectural changes that give WinRE auto unlock access to encrypted volumes during recovery created new attack surfaces. STORM’s analysis mapped several paths that abuse this trust boundary, starting from a simple reboot into WinRE from the sign in screen.
The first issue, CVE 2025 48804, targets how WinRE processes System Deployment Image files during boot. Researchers showed that a crafted Boot.sdi could carry a malicious Windows image appended after a legitimate one. Integrity checks verified the hash of the original image on disk, not the payload that actually executed. This let an attacker boot an untrusted recovery environment that inherited full access to encrypted volumes.
Two ReAgent.xml parsing flaws offered alternative routes to privileged command execution under the auto unlock state. CVE 2025 48800 abuses the Offline Scanning operation to launch cmd.exe through tttracer.exe, a signed time travel debugging tool, which inherits WinRE permissions over encrypted drives. CVE 2025 48003 targets SetupPlatform.exe, which registers a Shift plus F10 hotkey that opens a command prompt. By manipulating recovery configuration, an attacker could trigger this prompt without re locking the volume.
STORM then assembled a full exploit chain, CVE 2025 48818, that delivers complete decryption. The chain relies on inconsistencies in disk volume enumeration to place attacker controlled Boot Configuration Data on a recovery partition that is processed before the legitimate store. WinRE is tricked into treating the attacker’s target as the trusted operating system. The flow then leverages Push Button Reset with a DecryptVolume directive used in genuine recovery. Once that routine completes, BitLocker is disabled and protected secrets become accessible.
The practical risk is tied to physical access. A motivated adversary who can restart a device and reach WinRE could exfiltrate data from drives that users believed were protected. This matters for laptops at border crossings, corporate assets in the field and any endpoint exposed to hands on tampering.
Microsoft advises several defences beyond applying the July patches. Enable a Trusted Platform Module with a pre boot PIN to add a human presence check before decryption. Implement REVISE mitigation to prevent BitLocker downgrade paths. Enforce Secure Boot, firmware passwords and disable external boot where possible. Limit or lock access to WinRE, and monitor for unusual recovery operations and BCD changes in endpoint telemetry.
All four vulnerabilities are now patched. STORM presented the research at Black Hat USA 2025 and DEF CON 33, underscoring that recovery tooling must be treated as part of the trusted computing base. Recovery should be simple for users, but not simple for attackers.
