BitLocker encryption somehow bypassed

Anonymous
2024-07-28T10:47:12+00:00

Dear Microsoft Community,

So as y'all know, on July 19th, as a result of a CrowdStrike outage, most of the enterprise devices worldwide got affected by the infinite BSOD loop. One of the ways to solve the issue was to go to the recovery environment, enable safe boot via command prompt (bcdedit /set {default} safeboot minimal), access the system normally and delete the corrupt CrowdStrike file. However, the issue is that some of the devices are BitLocker encrypted, which prompts you to enter the recovery key before you can access the drive. Otherwise none of the cmd commands would work. So at our office we had 30 BitLocker-encrypted laptops which had their keys lost. Even formatting these laptops won't work since it would still ask you for the BitLocker key (a string of random numbers). So what I did is I inserted the Windows 11 USB flash drive, and instead of installing it, clicked on the "repair this PC" option. As usual, it asked me to enter the BitLocker key, which I skipped, and then accessed the cmd once again. However, this time the safe boot command somehow worked. What's more, even the default cmd path was not X:\Windows\System32 but rather X:\Sources. After that I was able to delete the file and boot into the laptops normally. My question is: how the hell did that work? Another way which I tested is I tweaked the SATA mode from RAID to AHCI - it also bypassed the BitLocker encryption.

5 answers

  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

  2. Anonymous
    2024-07-30T01:22:52+00:00

    Hello,

    Thank you for posting in Microsoft Community forum.

    Based on the description, I understand your question is related to BitLocker.

    BitLocker will not be bypassed unless it is unlocked. Generally you need to enter the password or recovery key to unlock the system drive. You may also not need to manually enter a password if a TPM is enabled.

    BitLocker provides maximum protection when used with a Trusted Platform Module (TPM), which is a common hardware component installed on Windows devices. The TPM works with BitLocker to ensure that a device hasn't been tampered with while the system is offline.

    In addition to the TPM, BitLocker can lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device that contains a startup key. These security measures provide multifactor authentication and assurance that the device can't start or resume from hibernation until the correct PIN or startup key is presented.

    BitLocker overview - Windows Security | Microsoft Learn 

    Have a nice day. 

    Best Regards,

    Molly
  3. Anonymous
    2024-07-30T06:39:19+00:00

    Thank you for reaching out. But it still did not answer my question.
  4. Anonymous
    2024-08-02T00:49:09+00:00

    Hello,

    You're welcome, here is more info for your reference:

    Configure BitLocker | Microsoft Learn

    Best regards,

    Molly
  5. Anonymous
    2024-08-29T07:42:29+00:00

    BitLocker was not bypassed. What you did for recovery instead allowed you to unlock the drive normally instead of needing to use the recovery key.

    For example if you removed the drive this would not work because the TPM isn't present.

    If you used TPM + PIN you would have had to enter the PIN at some point.
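
The distinction drawn in the last answer (TPM-only unlock versus TPM + PIN) can be checked per machine. The following is an added example, not code from the thread or from any poster: a PowerShell audit that lists each BitLocker volume's key protectors and flags operating-system volumes that unlock with the TPM alone, as well as volumes with no recovery password protector. It assumes an elevated session on Windows with the built-in BitLocker module; the function name and output columns are hypothetical.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Get-BitLockerProtectorAudit is a hypothetical helper name; Get-BitLockerVolume
# is the cmdlet from the built-in BitLocker module.
function Get-BitLockerProtectorAudit {
    [CmdletBinding()]
    param()

    # TPM-based protectors that also require a user-supplied secret before boot.
    $tpmPlusSecret = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    foreach ($vol in Get-BitLockerVolume) {
        # Normalise the protector enum values to strings for comparison.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        $tpmOnly     = $types -contains 'Tpm'
        $needsSecret = @($types | Where-Object { $tpmPlusSecret -contains $_ }).Count -gt 0
        $hasRecovery = $types -contains 'RecoveryPassword'

        $notes = @()
        if ($vol.ProtectionStatus -ne 'On') {
            $notes += 'protection is off or suspended'
        }
        if ($vol.VolumeType -eq 'OperatingSystem' -and $tpmOnly -and -not $needsSecret) {
            $notes += 'TPM-only: unlocks at boot without a PIN or startup key'
        }
        if (-not $hasRecovery) {
            $notes += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeType          = $vol.VolumeType
            ProtectionStatus    = $vol.ProtectionStatus
            Protectors          = ($types -join ', ')
            TpmOnlyUnlock       = ($tpmOnly -and -not $needsSecret)
            HasRecoveryPassword = $hasRecovery
            Notes               = ($notes -join '; ')
        }
    }
}

# The audit only sees protectors stored on the volume; it cannot tell whether
# the recovery password was ever backed up anywhere an admin can retrieve it.
Get-BitLockerProtectorAudit | Format-Table -AutoSize -Wrap
```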