There is currently a patch available for full disk encryption feature, BitLocker. Security researchers have identified a major vulnerability within the unpatched version that puts machines that should be encrypted and use this product at risk. The vulnerability stems from the relationship BitLocker has with computers on a domain, which can be found in almost any corporate wide area network (WAN).
The security gap is the result of the encryption product checking a user’s password against information stored on the domain controller. With this being the case, it is possible to remove the encrypted laptop from the WAN, create a sandbox local area network (LAN), and convince the computer that it is checking a user’s legitimate credentials against a falsified machine that is acting as a domain controller.
All machines running this previous version of BitLocker should be patched immediately following discovery of this logic flaw. Microsoft fixed the vulnerability Tuesday and published the corresponding MS15-122 security bulletin.
If you have any questions regrading this patch please contact a certified GraVoc employee
Related articles
Tackle the Cybersecurity Talent Shortage by Hiring a vCISO
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
Need-to-Know Privilege Explained
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
Email Security: Solutions to Protect Your Inbox from Cybersecurity Threats
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.
