There is currently a patch available for full disk encryption feature, BitLocker.  Security researchers have identified a major vulnerability within the unpatched version that puts machines that should be encrypted and use this product at risk.  The vulnerability stems from the relationship BitLocker has with computers on a domain, which can be found in almost any corporate wide area network (WAN).

The security gap is the result of the encryption product checking a user’s password against information stored on the domain controller.  With this being the case, it is possible to remove the encrypted laptop from the WAN, create a sandbox local area network (LAN), and convince the computer that it is checking a user’s legitimate credentials against a falsified machine that is acting as a domain controller.

All machines running this previous version of BitLocker should be patched immediately following discovery of this logic flaw.  Microsoft fixed the vulnerability Tuesday and published the corresponding MS15-122 security bulletin.

If you have any questions regrading this patch please contact a certified GraVoc employee

Related articles

 

Top 3 Red Flags of Phishing

Top 3 Red Flags of Phishing

We explore the top 3 red flags of phishing that businesses & employees should be aware of in order to recognize & mitigate a threat.

read more

Pin It on Pinterest

Share This