CVE-2024-20666 BitLocker Bypass Info

Anonymous

CVE-2024-20666

Windows Patch Pro

CVE-2024-20666 is identified as a BitLocker Security Feature Bypass Vulnerability. The vulnerability was published on January 9, 2024. Its severity is rated as medium with a CVSS v3 base score of 6.6. The vector for this vulnerability is described as CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating that it requires physical access to exploit, has a low attack complexity, low privileges required, no user interaction needed, is unchangeable in scope, and has a high impact on confidentiality, integrity, and availability.

Rapid7 lists the vulnerability with a severity of 7 and describes it as a BitLocker Security Feature Bypass Vulnerability. Solutions for this vulnerability are provided in several Microsoft Knowledge Base (KB) articles, including KB5034119 and KB5034121, among others.

An important update addressing this vulnerability is KB5034441 for Windows 10. However, users have reported encountering error code 0x80070643 while attempting to install this update. A series of troubleshooting steps have been provided to resolve this issue, including creating a new Windows Recovery partition and re-enabling the Windows Recovery Environment (WinRE).

For more detailed technical information and official updates, you can refer to Microsoft's Security Update Guide and the CVE database.