This issue could allow attackers with initial access onto the system to attempt BitLocker key recovery using malicious payload and gain unauthorized access to the BitLocker-protected drive.
#WINDOWS 2012 R2 SERVER KEY BYPASS UPDATE#
The security update ( KB4535680) from Microsoft triggers the BitLocker key recovery issue on Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. The vulnerability poses a severe risk of unauthorized access, security breach, data breach, data loss, disruption in business operation, and impact on the attacked organization’s reputation. Even if the system is rebuilt (or formatted) or the OEM vendor releases BIOS-updates, the rootkit will remain within the system’s UEFI firmware. Post-installation of the rootkit, the attacker, will have continuous access into the system. The attacker can then take advantage of this initial access to execute the next steps like installing “LoJax” (popular rootkit), etc.
#WINDOWS 2012 R2 SERVER KEY BYPASS INSTALL#
This can be done through spear-phishing email with malicious links or attachments to download and install malicious payload capable of allowing reverse shell or backdoor access into systems. To exploit this vulnerability ( CVE-2020-0689), an attacker must first find his/her way into the target server. These customers will also have to deal with the BitLocker key recovery issue after installing the security update ( KB4535680) to tackle the vulnerability. Who is affected?Īny organizations or individuals worldwide who are using Windows 10 releases (from v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012 operating system products from Microsoft are vulnerable to the risk posed by the security feature bypass vulnerability ( CVE-2020-0689). But the update has caused further inconvenience to the already troubled customers by triggering BitLocker key recovery issues across multiple Windows OS products in servers and workstations. While this vulnerability created panic among Microsoft customers, Microsoft released a security update ( KB4535680) to tackle the same.
The security feature bypass vulnerability ( CVE-2020-0689) allows attackers to bypass the secure boot feature and load untrusted or malicious software during the Windows boot-up process.