CVE-2024-38058
published 2024-07-09CVE-2024-38058: BitLocker Security Feature Bypass Vulnerability BitLocker Security Feature Bypass Vulnerability
medium6.8CVSS 3.1
AVPACLPRNUINSUCHIHAH
EPSS
0.94%
56.2th percentile
BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20710 | 10.0.10240.20710 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.4651 | 10.0.19044.4651 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.4651 | 10.0.19045.4651 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.3079 | 10.0.22000.3079 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.3880 | 10.0.22621.3880 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.3880 | 10.0.22631.3880 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.3880 | 10.0.22631.3880 |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24975 | 6.2.9200.24975 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22074 | 6.3.9600.22074 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2582 | 10.0.20348.2582 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvelistv56.8MEDIUM
vendor_msrc6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CVEList
BitLocker Security Feature Bypass Vulnerability
cvelistv5·2024-07-09·CVSS 6.8
CVE-2024-38058 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
Microsoft
BitLocker Security Feature Bypass Vulnerability
vendor_msrc·2024-07-09·CVSS 6.8
CVE-2024-38058 [MEDIUM] CWE-693 BitLocker Security Feature Bypass Vulnerability
BitLocker Security Feature Bypass Vulnerability
FAQ: Why was the fix for this vulnerability disabled and how can I apply protections to address this issue?
When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices. As a result, with the release of the August 2024 security updates we are disabling this fix. Customers who want this protection can apply the mitigations described in KB5025885.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could explo
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Windows BitLocker bug triggers warnings on devices with TPMs
blogs_bleepingcomputer·2025-01-15·CVSS 6.8
[MEDIUM] Windows BitLocker bug triggers warnings on devices with TPMs
## Windows BitLocker bug triggers warnings on devices with TPMs
## Sergiu Gatlan
Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker.
BitLocker is a Windows security feature that encrypts storage drives to prevent data theft or exposure. According to Redmond , it "provides maximum protection" when used with a TPM "to ensure that a device hasn't been tampered with while the system is offline."
TPMs are dedicated security processors that provide hardware-based security functions and act as trusted hardware components for storing sensitive data, such as encryption keys and various other security credentials.
In an advisory published Tuesday, the company says this known issue also affects unmanage
Bleepingcomputer
Microsoft disables BitLocker security fix, advises manual mitigation
blogs_bleepingcomputer·2024-08-15·CVSS 6.8
CVE-2024-38058 [MEDIUM] Microsoft disables BitLocker security fix, advises manual mitigation
## Microsoft disables BitLocker security fix, advises manual mitigation
## Sergiu Gatlan
After disabling the fix, Microsoft advises those who want to protect their systems and data against CVE-2024-38058 attacks to apply mitigation measures detailed in the KB5025885 advisory .
However, instead of deploying a security update, they'll now have to go through a 4-stage procedure that also requires restarting the impacted device eight times. Furthermore, Microsoft warns that after applying the mitigation on devices with Secure Boot, they will no longer be able to remove it, even after reformatting the disk.
"After the mitigation for this issue is enabled on a device, meaning the mitigations have been applied, it cannot be reverted if you continue to use Secure Boot on that device. Even refo
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs 2024/07/09 Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
# The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs
2024/07/09
Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
2024-07-09
Published