# CVE-2024-20666: BitLocker Security Feature Bypass Vulnerability
Published 2024-01-09
CVSS 3.1: 6.6 (medium), vector AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In the wild: listed in VulnCheck KEV; exploited in the wild
EPSS: 3.10% (86.1th percentile)
Affected (27 ranges, showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20402 | 10.0.10240.20402 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.6614 | 10.0.14393.6614 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.5329 | 10.0.17763.5329 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.5329 | 10.0.17763.5329 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.3930 | 10.0.19044.3930 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.3930 | 10.0.19045.3930 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.2713 | 10.0.22000.2713 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.3007 | 10.0.22621.3007 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.3007 | 10.0.22631.3007 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.3007 | 10.0.22631.3007 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.6614 | 10.0.14393.6614 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.5329 | 10.0.17763.5329 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2227 | 10.0.20348.2227 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_11_version_24h2 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2024-20666 is a BitLocker encryption bypass vulnerability that requires physical access to the device; the threat model should prioritize physical-access scenarios against encrypted systems.
- Patch status indicator: systems that still show error 0x80070643 after a KB5034441 install attempt have NOT been patched for CVE-2024-20666 and remain vulnerable to the BitLocker bypass.
- The patch (KB5034441) silently fails with error 0x80070643 on systems whose WinRE partition is too small (~500 MB default); such systems may appear to have attempted patching but remain unpatched, so verify the actual WinRE update status independently.
- Even a brand-new Windows 10 install from the latest ISO creates a WinRE partition (~522 MB) that is too small for KB5034441, meaning a large portion of the Windows 10 fleet is silently unpatched.
- Microsoft confirmed that no automated fix will be released; a manual WinRE partition resize of 250 MB is required, and compliance/patch-management tools may incorrectly report these systems as patched.
- The PowerShell remediation script patches WinRE directly without installing KB5034441; after running it, Windows Update will still repeatedly attempt to install KB5034441 and show errors unless the update is hidden via Microsoft's Show or Hide Tool.
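As an added example (not code from this page, from Microsoft, or from any of the sources quoted above), a PowerShell check that combines the indicators listed above into one host report. It assumes a 750 MB "large enough" threshold (the ~500 MB default plus the 250 MB resize the sources describe), the `reagentc /info` output format for the WinRE location, and Windows Update client event ID 20 as the installation-failure event; run it elevated.

```powershell
# Added example: report whether a host is likely still exposed to the
# KB5034441 / WinRE sizing failure (0x80070643) described above.
# Assumptions not stated on the page: 750 MB threshold (~500 MB default
# plus the 250 MB resize), and that `reagentc /info` prints
# "Windows RE location: \\?\GLOBALROOT\device\harddisk<N>\partition<M>\...".
function Get-WinReExposureReport {
    [CmdletBinding()]
    param(
        # Minimum WinRE partition size treated as large enough for the updated winre.wim (assumption).
        [long]$MinimumPartitionBytes = 750MB
    )

    $report = [ordered]@{
        KB5034441Installed  = [bool](Get-HotFix -Id 'KB5034441' -ErrorAction SilentlyContinue)
        WinReEnabled        = $false
        WinRePartitionBytes = $null
        Recent0x80070643    = $false
        LikelyPatchFailure  = $false
    }

    # reagentc is the supported way to locate the active WinRE image (needs elevation).
    $info = & reagentc.exe /info 2>&1 | Out-String
    $report.WinReEnabled = [bool]($info -match 'Windows RE status:\s+Enabled')

    if ($info -match 'harddisk(\d+)\\partition(\d+)') {
        $disk = [int]$Matches[1]; $part = [int]$Matches[2]
        $p = Get-Partition -DiskNumber $disk -PartitionNumber $part -ErrorAction SilentlyContinue
        if ($p) { $report.WinRePartitionBytes = $p.Size }
    }

    # Event ID 20 from the Windows Update client is its installation-failure event;
    # the page names a lingering 0x80070643 as the "still unpatched" indicator.
    $failures = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-WindowsUpdateClient'; Id = 20
    } -MaxEvents 50 -ErrorAction SilentlyContinue | Where-Object { $_.Message -match '0x80070643' }
    $report.Recent0x80070643 = [bool]$failures

    # Failure mode from the page: WinRE enabled, partition too small, KB not installed.
    # Note: the WinRE remediation script patches the image WITHOUT installing the KB,
    # so a missing KB alone is not conclusive; the small partition is the key signal.
    if ($report.WinReEnabled -and $report.WinRePartitionBytes -and
        $report.WinRePartitionBytes -lt $MinimumPartitionBytes -and -not $report.KB5034441Installed) {
        $report.LikelyPatchFailure = $true
    }

    [pscustomobject]$report
}

Get-WinReExposureReport | Format-List
```

A host flagged with `LikelyPatchFailure = $true` (especially alongside `Recent0x80070643`) is one where patch-management tooling may report a successful attempt while WinRE is still the pre-fix image.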
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.6 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| cvelistv5 | 6.6 | MEDIUM | — |
| vulncheck | 6.6 | MEDIUM | — |
| vendor_msrc | 7.3 | HIGH | — |
Microsoft (vendor_msrc, 2024-10-08, CVSS 6.4)
CVE-2024-43513 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability
FAQ: Is there a prerequisite for installing the security update?
Yes. For Windows Server 2012 R2 only, to apply this update, you must have KB2919355 installed.
FAQ: Are there additional steps that I need to take to be protected from this vulnerability?
Depending on the version of Windows you are running, you might need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability.
For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE will be updated as a part of the Latest Cumulative Update if you are getting updates from Windows Update and WSUS:
Windows 11 Version 24H2 for x64-based Sys
Microsoft (vendor_msrc, 2024-08-13, CVSS 7.3)
CVE-2024-38202 [HIGH] CWE-284 Windows Update Stack Elevation of Privilege Vulnerability
Description (Summary):
Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.
Microsoft has developed a security update to mitigate this threat which was made available October 08, 2024 and is provided in the Security Updates table of this CVE for customers to download. Note: Depending on your version of Windows, additional steps may be required to update Windows Recovery Environment (Win
Microsoft (vendor_msrc, 2024-01-09, CVSS 6.6)
CVE-2024-20666 [MEDIUM] CWE-20 BitLocker Security Feature Bypass Vulnerability
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
FAQ: Are there additional steps that I need to take to be protected from this vulnerability?
Depending on the version of Windows you are running, you may need to take additional steps to update Windows Recovery Environment (WinRE) to be protected from this vulnerability.
For the latest version of Windows the process of updating WinRE is now fully automated. The following versions of Windows require no additional steps as WinRE
CVEList (cvelistv5, 2024-01-09, CVSS 6.6)
CVE-2024-20666 [MEDIUM] CWE-20 BitLocker Security Feature Bypass Vulnerability
VulnCheck (vulncheck, 2024, CVSS 6.6)
CVE-2024-20666 [MEDIUM] Microsoft Windows Improper Input Validation (BitLocker Security Feature Bypass Vulnerability)
Affected: Microsoft Windows
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://attackerkb.com/topics/ExGXg2Q43d/cve-2024-20666#exploited-in-the-wild_0ea33bca-67c5-4152-9b3b-3426b4531bb8
No detection rules found.
No public exploits indexed.
Bleepingcomputer (blogs_bleepingcomputer, 2024-08-14, CVSS 6.6) [MEDIUM]
## Microsoft retires Windows updates causing 0x80070643 errors
By Sergiu Gatlan
Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates.
Redmond first acknowledged this known issue in January, days after widespread reports from Windows users of 0x80070643 errors.
The company released the problematic KB5034441 (Windows 10 21H2/22H2), KB5034440 (Windows 11 21H2), and KB5034439 (Windows Server 2022) updates to fix CVE-2024-20666, a BitLocker encryption bypass flaw that can let attackers access encrypted data.
This known issue mistakenly shows generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages on affected systems instead of the corre
Bleepingcomputer (blogs_bleepingcomputer, 2024-05-02, CVSS 6.6)
CVE-2024-20666 [MEDIUM]
## Microsoft won't fix Windows 0x80070643 errors, manual fix required
By Sergiu Gatlan
Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates.
The problematic updates were issued during the January 2024 Patch Tuesday to fix CVE-2024-20666, a BitLocker encryption bypass vulnerability that allows attackers to access encrypted data.
The issue impacts Windows 10 21H2/22H2 (KB5034441), Windows 11 21H2 (KB5034440), and Windows Server 2022 (KB5034439).
On affected systems, it mistakenly shows generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error on systems with a Windows Recovery Environment (WinRE) pa
Bleepingcomputer (blogs_bleepingcomputer, 2024-02-08, CVSS 6.6) [MEDIUM]
## Microsoft fixes Copilot issue blocking Windows 11 upgrades
By Sergiu Gatlan
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems.
On Windows systems with more than one monitor affected by this known issue, the desktop icons will move between displays or jump out of alignment when using Copilot in Windows (in preview).
This known issue impacts home users running Windows 10 22H2, Windows 11 22H2, and Windows 11 23H2. It doesn't affect managed devices because Copilot for Windows has yet to roll out on enterprise systems.
The company also applied a compatibility hold to block customers using affected Windows 10 and Windows 11 devices f
Bleepingcomputer (blogs_bleepingcomputer, 2024-01-24)
## Microsoft: Recent updates cause Sysprep Windows validation errors
By Sergiu Gatlan
Update April 05, 13:44 EDT: Microsoft has fixed this known issue in the optional March preview cumulative update.
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates.
Sysprep helps prepare Windows client or Windows Server installations for imaging and deployment on any system by removing computer-specific information such as installed drivers and the computer security identifier (SID).
Admins can use it to manage multiple computers on a network by creating generic Windows images that can be deployed across various hardware configurations or fine-tuning a single W
Bleepingcomputer (blogs_bleepingcomputer, 2024-01-15, CVSS 6.6)
CVE-2024-20666 [MEDIUM]
## Microsoft working on a fix for Windows 10 0x80070643 errors
By Sergiu Gatlan
Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.
While the security issue was resolved during this month's Patch Tuesday, deploying KB5034441 on systems with a Windows Recovery Environment (WinRE) partition that's too small will fail and mistakenly show generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error.
As a workaround, until a fix is available, the company provides customers with affected systems detailed (and quite complex) instructions on how to resize their WinRE partitions on its support website.
If creating a new
Bleepingcomputer (blogs_bleepingcomputer, 2024-01-11, CVSS 6.6) [MEDIUM]
## Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
By Sergiu Gatlan
When trying to deploy the security update, users report seeing 0x80070643 errors, saying, "There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)."
As Microsoft explains, this happens because, instead of displaying a CBS_E_INSUFFICIENT_DISK_SPACE error when the WinRE partition is not large enough, Windows Update incorrectly displays the generic "0x80070643 - ERROR_INSTALL_FAILURE" error message.
This happens because the WinRE image file (winre.wim) deployed when installing the KB5034441 security update is too large for the recovery partition.
To address the is
Bleepingcomputer (blogs_bleepingcomputer, 2024-01-10)
## Windows 10 KB5034441 security update fails with 0x80070643 errors
By Lawrence Abrams
However, when attempting to install this update, Windows 10 users are reporting getting 0x80070643 errors and the installation failing.
On reboot, users will be greeted with a Windows Update screen stating that an error occurred and to try again later.
"There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)," reads the Windows Update error.
In a support bulletin also published yesterday, Microsoft warns that when installing the KB5034441 update, users are supposed to see the "Windows Recovery Environment servicing failed, (CBS_E_INSUFFICIENT_DISK_SPACE)" error when the Window
Trendmicro (blogs_trendmicro, 2024-01-09, CVSS 8.8) [HIGH]
# The January 2024 Security Update Review
Get the January 2024 security update and review.
By: Dustin Childs, 2024/01/09
Welcome to the first patch Tuesday of 2024. As expected, Microsoft and Adobe have released their latest security patches. Take a break from your other activities and join us as we review the details of their latest advisories. If you’d rather watch the video recap, you can check it out here:
Adobe Patches for January 2024
For January, Adobe released a single patch addressing six CVEs in Substance 3D Stager. All six bugs are rated Important with the most severe allowing arbitrary code execution.
None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes t
Trendmicro (blogs_trendmicro, 2024-01-09, CVSS 9.1) [CRITICAL]
## The January 2024 Security Update Review
Get the January 2024 security update and review.
By: Dustin Childs, Jan 09, 2024
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2024-20700 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE |
| CVE-2024-20674 | Windows Kerberos Security Feature Bypass Vulnerability | Critical | 9 | No | No | SFB |
| CVE-2024-0057 | .NET and Visual Studio Framework Security Feature Bypass Vulnerability | Important | 8 | | | |
Bleepingcomputer (blogs_bleepingcomputer, 2024-01-09, CVSS 8.8) [HIGH]
## Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
By Lawrence Abrams
- 10 Elevation of Privilege Vulnerabilities
- 7 Security Feature Bypass Vulnerabilities
- 12 Remote Code Execution Vulnerabilities
- 11 Information Disclosure Vulnerabilities
- 6 Denial of Service Vulnerabilities
- 3 Spoofing Vulnerabilities
The total count of 49 flaws does not include 4 Microsoft Edge flaws fixed on January 5th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5034123 cumulative update and Windows 10 KB5034122 update.
## This month's interesting flaws
While there were no actively exploited or publicly disclosed vulnerabilities this month, some flaws are more interesting than others.
Microsoft fixes an Office Remo