
Microsoft confirms Windows 11 KB5083769, KB5082052 wrongly forcing BitLocker recovery

Spyxos

Member
While initially Microsoft did not report any known issues with the latest Patch Tuesday, the company has now added that all systems which have received the updates are affected by a BitLocker-related issue. This means Windows 11, Windows 10 (KB5082200), as well as Windows Server 2025 and Server 2022, are all hit by this.

The company has explained that the issue is due to an unrecommended BitLocker-based Group Policy configuration. This leads to a BitLocker Recovery key prompt on affected systems. The good news, Microsoft says, is that the key only needs to be entered once, plus it also seemingly affects only a limited number of systems. Such devices have to meet the following criteria:

  • BitLocker is enabled on the OS drive.
  • The Group Policy "Configure TPM platform validation profile for native UEFI firmware configurations" is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually).
  • System Information (msinfo32.exe) reports Secure Boot State PCR7 Binding as "Not Possible".
  • The Windows UEFI CA 2023 certificate is present in the device's Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default.
  • The device is not already running the 2023-signed Windows Boot Manager.
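As an added example (not from the article or from any poster in this thread), the following PowerShell script checks a machine against the five criteria above and reports how many recovery-password protectors the OS drive has, so the key can be backed up before the update lands. It assumes the "Configure TPM platform validation profile for native UEFI firmware configurations" policy is stored under HKLM\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI with one DWORD value per PCR number, that msinfo32 /report writes a tab-separated summary containing a "PCR7 Configuration" line, and that drive letter S: is free for mounting the EFI System Partition; the substring search of the Secure Boot DB is the check Microsoft documents for KB5025885.

```powershell
#Requires -RunAsAdministrator
# Added example: assess exposure to the spurious BitLocker recovery prompt described
# in the article. Must run elevated: msinfo32 hides PCR7 state from non-admin users,
# and mounting the EFI System Partition needs admin rights.

$osDrive  = $env:SystemDrive
$findings = [ordered]@{}

# 1. BitLocker enabled on the OS drive.
$vol = Get-BitLockerVolume -MountPoint $osDrive
$findings['BitLocker on OS drive'] = ($vol.ProtectionStatus -eq 'On')

# 2. Platform validation profile policy configured with PCR7 included.
#    ASSUMPTION: the policy lives under this key, with 'Enabled' = 1 and one DWORD
#    named after each PCR ('0'..'23') set to 1 when that PCR is in the profile.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$pcr7InProfile = $false
if (Test-Path $policyKey) {
    $p = Get-ItemProperty -Path $policyKey
    $pcr7InProfile = ($p.Enabled -eq 1) -and ($p.'7' -eq 1)
}
$findings['PCR7 in validation profile policy'] = $pcr7InProfile

# 3. PCR7 binding as msinfo32 reports it ("Bound", "Binding Not Possible", ...).
#    ASSUMPTION: msinfo32 /report writes "Item<TAB>Value" lines; Get-Content handles
#    the UTF-16 report because it carries a byte-order mark.
$report = Join-Path $env:TEMP 'msinfo32-report.txt'
Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait
$pcr7Line = Get-Content -Path $report | Where-Object { $_ -match 'PCR7 Configuration' } | Select-Object -First 1
$pcr7Binding = if ($pcr7Line) { ($pcr7Line -split "`t")[-1].Trim() } else { 'unknown' }
Remove-Item -Path $report -ErrorAction SilentlyContinue
$findings['PCR7 binding (msinfo32)'] = $pcr7Binding

# 4. Windows UEFI CA 2023 present in the Secure Boot signature database (DB).
#    The certificate subject is stored as printable ASCII inside the DER blob, so a
#    plain substring search is enough; this is the check Microsoft documents.
$dbText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
$findings['Windows UEFI CA 2023 in DB'] = ($dbText -match 'Windows UEFI CA 2023')

# 5. Is the installed boot manager already the 2023-signed one? Mount the ESP
#    (ASSUMPTION: S: is free) and inspect the Authenticode signer of bootmgfw.efi.
$esp = 'S:'
mountvol $esp /s
try {
    $bootmgr = Join-Path $esp 'EFI\Microsoft\Boot\bootmgfw.efi'
    $cert    = (Get-AuthenticodeSignature -FilePath $bootmgr).SignerCertificate
    $chain   = "$($cert.Subject) | $($cert.Issuer)"
} finally {
    mountvol $esp /d
}
$findings['Boot manager signer'] = $chain
$running2023 = ($chain -match 'Windows UEFI CA 2023')
$findings['Running 2023-signed boot manager'] = $running2023

# 6. Recovery password protectors on the OS volume (what the prompt will ask for).
$recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
$findings['Recovery password protectors'] = $recovery.Count

$findings.GetEnumerator() | Format-Table -AutoSize

$exposed = $findings['BitLocker on OS drive'] -and
           $pcr7InProfile -and
           ($pcr7Binding -match 'Not Possible') -and
           $findings['Windows UEFI CA 2023 in DB'] -and
           (-not $running2023)

if ($exposed) {
    Write-Warning "This device matches all criteria; expect a one-time recovery prompt after the update."
    if ($recovery.Count -eq 0) {
        Write-Warning "No recovery password protector exists. Add one before updating:"
        Write-Warning "  Add-BitLockerKeyProtector -MountPoint $osDrive -RecoveryPasswordProtector"
    } else {
        Write-Host "Record the recovery password(s) now: manage-bde -protectors -get $osDrive"
    }
} else {
    Write-Host "Device does not match all criteria; the known issue should not trigger here."
}
```

The script only reads state; the one write it suggests (adding a recovery password protector) is left as a printed command so an operator decides whether to run it. If it reports the 2023-signed boot manager as already running, the device is already past the transition the article describes and a PCR7-based profile will have re-sealed against it.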

 
I have the Bitlocker service disabled, just to avoid problems. A few months ago, one of my drives had Bitlocker active, asking to complete the process. I had never asked Windows to encrypt any of my files.
Microsoft is too callous and irresponsible, forcing users into unfinished "features" that can cause big problems for users and companies.
 
That specific configuration doesn't seem all that common for consumers thankfully. Even for Enterprise it seems a bit odd.

Still, Microsoft QA remains shit.
 
Bravo MS!

 
Practically speaking, I can't envision a scenario where Bitlocker isn't just a ticking time bomb for me, particularly for my desktop. I had a mild panic attack with my laptop when I got locked out after changing a bios setting or something, which I was fortunately able to revert so I could disable it altogether. I had never opted into it. Terrible product.
 
Today Microsoft confirms Windows 11 killed your dog, beat your mother, and took a dump on your hopes and dreams

Windows Users: "We know"
 
So it locks bitlocker....only if you already had bitlocker on.....but if you had bitlocker on you had to unlock bitlocker anyway when you booted up and there is no second screen, so.....

I mean if bitlocker somehow locked you out of your PC and you didn't have the code, your PC is encrypted and you are fucked, so that ain't good....

Do you make a recovery key when you activate bitlocker? I'd had it on on my laptop for a long time and I don't have a recovery key....I remember the password but not a separate recovery key.
 
Nothing is safe anymore. Saw on Veritasium yesterday where they demonstrated tap to pay on a locked iPhone stealing $10,000 from Marques Brownlee. :)

That specific exploit requires an Express Transit setting to be enabled, which is off by default unless previously set up. It's also specifically a vulnerability with Visa's security and doesn't affect Mastercard or American Express. A Visa card has to specifically be set up for express transit also.

Second, this is not an iPhone issue — it's related to the payment system used by Visa, not Mastercard and not American Express.
Visa also told Veritasium that the exploit was very unlikely from a scaled real world setting, and any such transactions can be disputed. The researchers who shared the exploit said users can protect themselves by not using a Visa card on the iPhone for transit purposes, MacRumors reported.

 
That specific exploit requires an Express Transit setting to be enabled, which is off by default. It's also specifically a vulnerability with Visa's security and doesn't affect Mastercard or American Express. A Visa card has to specifically be set up for express transit also.
Yep, after watching the video last night, I checked, I have all my transit turned off and made my default card a Master Card. The Apple Card is a Master Card. :)
BUT my Apple Pay is a Visa. :( Also my Amazon card is a Visa. :( I think all the other cards I have are Master Cards.
Never cared till this about Visa/Master Card. But it does matter.
 
Yep, after watching the video last night, I checked, I have all my transit turned off and made my default card a Master Card. The Apple Card is a Master Card. :)
BUT my Apple Pay is a Visa. :( Also my Amazon card is a Visa. :( I think all the other cards I have are Master Cards.
Never cared till this about Visa/Master Card. But it does matter.
Sadly what this exploit proves is that Visa has worse/more exploitable security loopholes.
 
Microsoft is too callous and irresponsible, forcing users into unfinished "features" that can cause big problems for users and companies.
Still, Microsoft QA remains shit.
Really getting the sense they either don't give a shit, or Windows is built on so many layers of actual shit at this point that they can't possibly test everything.
 
Began disabling this shit as soon as I heard that it existed. Sounded like a headache waiting to happen and I was right
 
A typical Windows update:

- Add some widgets no one uses
- Move some controls to another setting screen
- Rename random app/service to Copilot
- Flavour with some bugs in boot processes (soon to be rewritten as Electron app)
 
I avoid bitlocker after seeing how it can go horribly wrong.

If I wanted to encrypt files, I just save them with Veracrypt on separate storage (NAS, external HDD).
 
I have the Bitlocker service disabled, just to avoid problems. A few months ago, one of my drives had Bitlocker active, asking to complete the process. I had never asked Windows to encrypt any of my files.
Microsoft is too callous and irresponsible, forcing users into unfinished "features" that can cause big problems for users and companies.
 
At this point it feels like this is intentional. "See how much we can do to our users without them leaving". The level of incompetence at this point is unbelievable.
 
At this point it feels like this is intentional. "See how much we can do to our users without them leaving". The level of incompetence at this point is unbelievable.

And it doesn't stop there. The sheer level of incompetence is quite impressive.
In early April a new vulnerability was discovered called Blue Hammer. It's a Local Elevation of Privilege vulnerability that allows an attacker to gain System level access, higher than normal user and admin.
Microsoft still has not made a CVE assignment, no patch, no fix. Nothing.

 
Just another Windows feature you should disable (and re-check if it's still off after every big update), despite Microslop really wanting you to use it.
 
And it doesn't stop there. The sheer level of incompetence is quite impressive.
In early April a new vulnerability was discovered called Blue Hammer. It's a Local Elevation of Privilege vulnerability that allows an attacker to gain System level access, higher than normal user and admin.
Microsoft still has not made a CVE assignment, no patch, no fix. Nothing.

I'm glad I've been primarily a Linux user since 2007 and haven't even had a dual boot of Windows for games in a few years now. It's irresponsible of your own privacy and security to run it at this point.
 