DED9

Bypass Vulnerability In Windows And How To Fix It?

Bypass Vulnerability: Windows always installs updates when you try to shut down your computer or laptop, which is a problem for most users.

Many computer users complain that Windows always installs some updates automatically. They want to know if there is a way to permanently disable Windows 10 updates because some problems occur after updating.

For example, updating Windows may result in data loss.

Brief description of bypass vulnerability

The Secure Boot security feature bypass vulnerability (CVE-2020-0689) allows attackers to bypass the Secure Boot feature and load untrusted or malicious software when Windows starts.

While the bypass vulnerability caused panic among Microsoft customers, Microsoft released a security update (KB4535680) to address it.

However, the update caused BitLocker key recovery problems on several Windows server and workstation products, leaving customers more unhappy with the product.

Who is affected?

Any person or organization worldwide using these Microsoft operating system products is at risk from the security feature bypass vulnerability (CVE-2020-0689): Windows 10 (v1607 to v1909), Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.

These customers also encounter a BitLocker key recovery problem after installing the security update (KB4535680) that addresses this vulnerability.

How is this vulnerability exploited?

To exploit this vulnerability (CVE-2020-0689), an attacker would first need access to the target server, for example by obtaining a reverse shell through phishing emails that carry malicious links or attachments for the victim to download and install, or by backdooring the system. The attacker can then use this initial access to install “LoJax” (a popular rootkit). The rootkit remains in the UEFI firmware even if the system is reinstalled (or formatted) or the vendor performs BIOS updates.

This vulnerability carries a serious risk of unauthorized access, security breach, data breach, data loss, disruption of business operations, and impact on the credibility of victim organizations.

What can be done?

Microsoft has emphasized that the BitLocker key recovery problem has often occurred on Windows operating systems. “If the TPM platform credit profile is configured for native UEFI firmware and the PCR7 policy is selected, the BitLocker recovery key may not be required,” the company said.

To view the PCR7 binding status, run the Microsoft System Information tool (Msinfo32.exe) with administrative permissions.

Microsoft has devised a few solutions to this problem. The company recommends running the following commands before installing the security update (KB4535680) on your system.

On a device that does not have Credential Guard enabled, run the following command from the Administrator command line to suspend BitLocker for a reboot cycle.

manage-bde -protectors -disable C: -RebootCount 1

Then, restart the device to resume BitLocker protection.

During the update, a device with Credential Guard enabled may go through several restarts that require BitLocker to stay suspended. Run the following command from the Administrator command line to suspend BitLocker for three restart cycles.

manage-bde -protectors -disable C: -RebootCount 3

This security update (KB4535680) is expected to restart the system twice. Restart the device to resume BitLocker protection.

Note: Do not enable BitLocker protection without restarting several times, as this will trigger BitLocker recovery.

It is strongly recommended that you install the security update (KB4535680) after performing the above steps to reduce the risks associated with the security feature bypass (CVE-2020-0689).
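The suspension steps above can be scripted so that the reboot count follows the Credential Guard state instead of being chosen by hand. This is an added example, not Microsoft's or this page's own code; it assumes the OS volume is C:, an elevated Windows PowerShell session with the BitLocker module, and it uses Suspend-BitLocker as the PowerShell counterpart of the manage-bde command.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-install check for KB4535680 on a BitLocker-protected OS volume.

$MountPoint = 'C:'          # assumption: the OS volume is C:
$KbId       = 'KB4535680'   # update named on this page

# Stop early if the update is already installed.
if (Get-HotFix -Id $KbId -ErrorAction SilentlyContinue) {
    Write-Output "$KbId is already installed; nothing to suspend."
    return
}

# Nothing to suspend if BitLocker protection is not active on the volume.
$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not active on $MountPoint."
    return
}

# Credential Guard is reported as value 1 in SecurityServicesRunning.
# The DeviceGuard namespace is absent on older systems, so errors are suppressed.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$credentialGuard = $dg -and ($dg.SecurityServicesRunning -contains 1)

# One reboot cycle without Credential Guard, three with it (as in the steps above).
$rebootCount = if ($credentialGuard) { 3 } else { 1 }
Write-Output "Credential Guard running: $credentialGuard; suspending for $rebootCount reboot(s)."

# List the recovery password protector IDs (not the passwords) so the matching
# recovery key can be located in escrow if recovery is triggered anyway.
$volume.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId

# Suspend protection; it resumes automatically after the counted restarts.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount $rebootCount
```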

Microsoft has identified a pair of Windows vulnerabilities being exploited through zero-click attacks in the Windows Outlook client. The first flaw, CVE-2023-29324, affects the MSHTML/EdgeHTML component and can bypass a previous patch (CVE-2023-23397). By exploiting the MapUrlToZone function in the Windows API, attackers can trick the system into treating a remote path as local.

This legacy issue impacts all versions of the Outlook client on Windows. Attackers can send malicious emails that automatically establish connections to servers they control, capturing the Net-NTLMv2 hash of victims. This enables NTLM Relay attacks, allowing unauthorized access to other services without user interaction—even before an email is viewed in the Preview Pane.

To mitigate these risks, Microsoft recommends installing the updates for CVE-2023-29324 and CVE-2023-23397. Users are also advised to install the latest IE cumulative updates. Full details and updates can be found on the.
