none
CVE-2018-8566 Patch Force Encrypts Drives using BitLocker (Update KB4467702) RRS feed

  • General discussion

  • From the CVE-2018-8566 vulnerability page on technet

    "A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.

    To exploit the vulnerability, an attacker must gain physical access to the target system prior to the next system reboot.

    The security update fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption."

    Turned on my machine this morning to find all drives were now encrypted with Windows BitLocker. Checked the system event logs and low and behold, after the update and subsequent restart, the user SYSTEM began automatically encrypting everything. Moreover, there were zero BitLocker related events in the log before the update. 

    For my internal drives there were no issues, just disabled BitLocker through the manager. Unfortunately my one external drive is now locked in an unrecoverable state, simply asking for a 48-digit recovery key to unlock it. After spending several hours searching the forums I have yet to see a solution aside from "recover your key that never existed", although I did come across several posts with users experiencing the same issue all around this time last year. 

    Anyone else experiencing this? 

    Thursday, November 15, 2018 8:30 PM

All replies

  • I updated my system to the latest build 17134.407, everything is ok. No BitLocker enabled.

    Windows will not encrypted itself automatically without user confirmation, since you could decrypt internal drives from BitLocker Manager, what about the external drive appearance in Control Panel?

    One thing you said is correct, if we don’t know 48-digit recovery key or password, we can’t unlock BitLocker.

    About the CVE-2018-8566 | BitLocker Security Feature Bypass Vulnerability, my understanding is: the PC is vulnerable only if device encryption was improperly suspended, this path fixes the vulnerability by ensuring Windows resumes BitLocker Device Encryption. Not any words in article indicates that device will be forcibly encrypted.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 16, 2018 2:19 AM
    Moderator