
What Is Bypass Vulnerability In Windows And How To Fix It?

Windows always installs updates when you try to shut down your computer or laptop, which is a problem for many users.

Many users complain that Windows installs some updates automatically, and they ask whether Windows 10 updates can be permanently disabled, because problems sometimes occur after an update.

For example, a Windows update can result in data loss.

Brief description of the bypass vulnerability

The Security Feature Bypass vulnerability (CVE-2020-0689) allows attackers to bypass Secure Boot and load untrusted or malicious software when Windows starts.

After the vulnerability caused alarm among Microsoft customers, Microsoft released a security update (KB4535680) to address it.

However, the update caused BitLocker recovery key prompts on several Windows server and workstation releases, which left customers even less happy with the product.

Who is affected?

Any individual or organization worldwide that runs Windows 10 (v1607 to v1909), Windows 8.1, Windows Server 2012 R2, Windows Server 2012, or another affected Microsoft operating system release is at risk from the security feature bypass vulnerability (CVE-2020-0689).

Those customers may also encounter a BitLocker recovery key prompt after installing the security update (KB4535680) that addresses this vulnerability.

How is this vulnerability exploited?

To exploit this vulnerability (CVE-2020-0689), an attacker first needs access to the target system, for example by sending phishing emails with malicious links or attachments that install a reverse shell, or by backdooring the system some other way.

With that initial foothold, the attacker can proceed to install a UEFI rootkit such as "LoJax". Because the rootkit lives in the UEFI firmware rather than on disk, it survives reinstalling or formatting the operating system and even vendor BIOS updates.

This vulnerability carries a serious risk of unauthorized access, security breaches, data breaches, data loss, disruption of business operations, and damage to the credibility of victim organizations.

What can be done?

Microsoft has acknowledged that the BitLocker recovery key problem has occurred on many Windows systems. "If the TPM platform validation profile is configured for native UEFI firmware and PCR7 binding is used, the BitLocker recovery key may not be required," the company said.

To view the PCR7 binding status, run the Microsoft System Information tool (Msinfo32.exe) with administrative permissions.

Microsoft has offered a few workarounds for this problem. The company recommends running the following commands before installing the security update (KB4535680) on your system.

On a device that does not have Credential Guard enabled, run the following command from an elevated (Administrator) command prompt to suspend BitLocker for one reboot cycle.

manage-bde -Protectors -Disable C: -RebootCount 1

Then restart the device; BitLocker protection resumes automatically after the reboot.

A device with Credential Guard enabled may reboot several times during the update, and BitLocker must stay suspended across all of them. Run the following command from an elevated (Administrator) command prompt to suspend BitLocker for three reboot cycles.

manage-bde -Protectors -Disable C: -RebootCount 3

The security update (KB4535680) is expected to reboot the system twice. Restart the device to resume BitLocker protection.

Note: Do not re-enable BitLocker protection before all the required restarts have completed, otherwise BitLocker will go into recovery.
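As an added example (not part of the original post and not Microsoft's own tooling), the following PowerShell script automates the preflight described above on a single machine: it checks that Secure Boot is on, reads the PCR7 binding line from an msinfo32 report, detects whether Credential Guard is running to choose a reboot count of 1 or 3, and then suspends BitLocker on the OS volume with Suspend-BitLocker, the cmdlet equivalent of the manage-bde command shown. It assumes an elevated Windows 10 session with the BitLocker PowerShell module available, and that the msinfo32 report labels the field "PCR7 Configuration" as its System Summary does; the script name and the -DryRun switch are my own additions.

```powershell
# Added example (not from the original post): KB4535680 preflight for a
# BitLocker-protected OS volume. Assumes an elevated Windows 10 session with
# the BitLocker module. Run with -DryRun to report only and change nothing.
[CmdletBinding()]
param(
    [string]$MountPoint = 'C:',
    [switch]$DryRun
)

# Suspend-BitLocker / manage-bde fail silently or error without elevation, so check first
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

# 1. Secure Boot state: the Secure Boot fix in KB4535680 only applies to UEFI systems
#    with Secure Boot; Confirm-SecureBootUEFI throws on legacy BIOS machines.
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = $false }
Write-Host "Secure Boot enabled : $secureBoot"

# 2. PCR7 binding, taken from an msinfo32 report (the same data the post says to
#    inspect in Msinfo32.exe). Assumption: the field is labelled 'PCR7 Configuration'.
$report = Join-Path $env:TEMP 'msinfo32-preflight.txt'
Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait
$pcr7 = (Select-String -Path $report -Pattern 'PCR7 Configuration' | Select-Object -First 1).Line
Remove-Item $report -ErrorAction SilentlyContinue
Write-Host "PCR7 status         : $($pcr7 -replace '\s+', ' ')"

# 3. Credential Guard: when it is running, expect several reboots and suspend for 3;
#    otherwise one reboot cycle is enough.
$running   = (Get-ComputerInfo -Property DeviceGuardSecurityServicesRunning).DeviceGuardSecurityServicesRunning
$credGuard = [bool]($running -contains 'CredentialGuard')
$rebootCount = if ($credGuard) { 3 } else { 1 }
Write-Host "Credential Guard    : $credGuard -> suspend BitLocker for $rebootCount reboot(s)"

# 4. BitLocker state on the OS volume
$vol = Get-BitLockerVolume -MountPoint $MountPoint
Write-Host "BitLocker on $MountPoint : $($vol.ProtectionStatus) ($($vol.VolumeStatus))"
if ($vol.ProtectionStatus -ne 'On') {
    Write-Host 'Protection is not On; nothing to suspend.'
    return
}

if ($DryRun) {
    Write-Host "Dry run: would run   Suspend-BitLocker -MountPoint $MountPoint -RebootCount $rebootCount"
    Write-Host "(equivalent to:      manage-bde -Protectors -Disable $MountPoint -RebootCount $rebootCount)"
    return
}

# Suspend the protectors for the chosen number of reboots; protection resumes
# automatically once that many restarts have completed, so nothing re-enables it early.
Suspend-BitLocker -MountPoint $MountPoint -RebootCount $rebootCount | Out-Null
$after = Get-BitLockerVolume -MountPoint $MountPoint
Write-Host "BitLocker on $MountPoint is now: $($after.ProtectionStatus). Install KB4535680 and reboot."
```

Run it first with -DryRun to see which reboot count it would choose and what the PCR7 line says; then run it without the switch, install KB4535680 and let the machine reboot. Because -RebootCount is passed to BitLocker itself, protection comes back on its own after the last reboot, which avoids the manual re-enable that the note above warns against.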

It is strongly recommended that you install the security update (KB4535680) after performing the steps above to reduce the risks associated with the Secure Boot security feature bypass (CVE-2020-0689).