There is currently a patch available for full disk encryption feature, BitLocker. Security researchers have identified a major vulnerability within the unpatched version that puts machines that should be encrypted and use this product at risk. The vulnerability stems from the relationship BitLocker has with computers on a domain, which can be found in almost any corporate wide area network (WAN).
The security gap is the result of the encryption product checking a user’s password against information stored on the domain controller. With this being the case, it is possible to remove the encrypted laptop from the WAN, create a sandbox local area network (LAN), and convince the computer that it is checking a user’s legitimate credentials against a falsified machine that is acting as a domain controller.
All machines running this previous version of BitLocker should be patched immediately following discovery of this logic flaw. Microsoft fixed the vulnerability Tuesday and published the corresponding MS15-122 security bulletin.
If you have any questions regrading this patch please contact a certified GraVoc employee
Related articles
Business Email Compromise: Top BEC Tactics & How to Protect Against Them
We take a look at Business Email Compromise, including common BEC tactics and what your business can do to protect against them.
FFIEC CAT Sunset: Why the CRI Profile is a Strong Alternative
With the FFIEC CAT sunset approaching, we explore why the CRI Profile is a strong alternative to the CAT for financial institutions!
FTC Safeguards Rule Compliance for Auto Dealerships
We’ll go over the FTC Safeguards Rule, what it requires, and how a managed service provider can help auto dealerships stay compliant.