BitUnlocker has revealed a practical downgrade attack against BitLocker on patched Windows 11 systems, allowing attackers with physical access to unlock encrypted disks in under five minutes. Researchers said the risk remains because legacy PCA 2011-signed boot managers can still pass Secure Boot validation on many machines.

BitUnlocker Attack Exposes BitLocker Downgrade Risk on Patched Windows 11 Systems

The420.in Staff

A new tool called BitUnlocker has revealed a practical downgrade attack against Microsoft’s BitLocker encryption, allowing attackers with physical access to unlock encrypted disks on patched Windows 11 machines in under five minutes. The attack exploits a gap between software patching and certificate revocation, leaving systems vulnerable even after Microsoft issued a fix for the underlying flaw.

Flaw Linked to Windows Recovery Environment

The attack is rooted in CVE-2025-48804, one of four critical zero-day vulnerabilities discovered by Microsoft’s Security Testing & Offensive Research team and patched during July 2025’s Patch Tuesday.

According to Intrinsec research, the flaw exists in the Windows Recovery Environment (WinRE) and involves the System Deployment Image (SDI) file mechanism. When the boot manager loads a legitimate Windows Imaging Format (WIM) file referenced by an SDI for integrity verification, it also allows a second, attacker-controlled WIM to be appended to the SDI’s blob table.

The boot manager verifies the first legitimate WIM but actually boots from the second, which contains a modified WinRE image designed to launch cmd.exe with the BitLocker volume already decrypted and mounted.

Trusted Legacy Certificate Keeps Attack Path Open

Microsoft shipped a patched bootmgfw.efi binary for supported systems through Windows Update in July 2025. However, researchers said the patch alone does not fully remove the attack surface because the older signing certificate remains trusted.

Secure Boot validates a binary’s signing certificate, not its version number. The legacy Microsoft Windows PCA 2011 certificate, used to sign boot managers before the July 2025 fix, remains trusted in the Secure Boot databases of most machines unless a fresh Windows installation was performed after early 2026.

As a result, a vulnerable pre-patch bootmgfw.efi signed under PCA 2011 can still pass Secure Boot validation. Researchers noted that mass revocation of the PCA 2011 certificate would be operationally difficult because it could affect many legitimate signed binaries across the Windows ecosystem.

Physical Access and TPM-Only BitLocker Create Risk

Building on Microsoft’s original research and earlier work on the “bitpixie” downgrade exploit, researchers developed a working proof of concept that chains the weaknesses into a sub-five-minute attack. Intrinsec said the attacker needs only physical access to the target workstation, a USB drive or PXE boot server, and no specialised hardware.

The attack uses a modified Boot Configuration Data file pointing to a tampered SDI and an old vulnerable PCA 2011-signed boot manager served through USB or PXE boot. The machine then loads the pre-patch boot manager, which passes Secure Boot validation. The TPM releases the BitLocker Volume Master Key without triggering alerts because PCR measurements 7 and 11 remain valid under the trusted PCA 2011 certificate.

Systems using TPM-only BitLocker without a PIN remain fully vulnerable if their Secure Boot database still trusts PCA 2011. Machines configured with TPM plus PIN are protected because the TPM will not release the key without user interaction during pre-boot authentication. Systems that completed the KB5025885 migration to the newer Windows UEFI CA 2023 certificate are also protected against this downgrade path.

Security teams have been advised to enable TPM plus PIN pre-boot authentication, deploy KB5025885, verify that bootmgfw.efi is signed under CA 2023, and remove the WinRE recovery partition on high-security systems where pre-boot authentication cannot be enforced. The proof of concept is publicly available on GitHub, increasing pressure on enterprise defenders to audit BitLocker configurations and complete CA 2023 migration.
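An added audit script, not from the article or from Intrinsec’s or Microsoft’s tooling, that checks the conditions described above on the local machine: whether the Secure Boot DB and DBX reflect the KB5025885 migration, which certificate signed the installed bootmgfw.efi, and whether the OS volume relies on a TPM-only protector. It assumes an elevated PowerShell session on Windows 11 and temporarily mounts the EFI system partition as S: (a drive letter chosen here, not given on the page).

```powershell
# Added audit script (not from the article, Intrinsec or Microsoft). Requires an
# elevated PowerShell session; the EFI system partition is mounted as S: (assumption).

function Get-BitUnlockerExposure {
    $result = [ordered]@{}

    # 1. Secure Boot state: the downgrade relies on Secure Boot still trusting PCA 2011.
    $result.SecureBootEnabled = Confirm-SecureBootUEFI

    # 2. Does the allowed-signers DB contain Windows UEFI CA 2023 (KB5025885 migration)?
    $db = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $result.Db_HasUefiCa2023 = [bool]($db -match 'Windows UEFI CA 2023')

    # 3. Has the legacy PCA 2011 certificate been placed in the forbidden list (DBX)?
    $dbx = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
    $result.Dbx_RevokesPca2011 = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')

    # 4. Which certificate signed the installed boot manager? Mount the ESP, read, unmount.
    mountvol S: /s | Out-Null
    try {
        $sig = Get-AuthenticodeSignature -FilePath 'S:\EFI\Microsoft\Boot\bootmgfw.efi'
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $result.BootMgrSigner = $subject
        $result.BootMgrSignedByCa2023 = [bool]($subject -match 'Windows UEFI CA 2023')
    } finally {
        mountvol S: /d | Out-Null
    }

    # 5. Protector types on the OS volume: a TPM protector with no TpmPin protector is the
    #    configuration the article describes as exposed.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($os.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    $result.ProtectionStatus = $os.ProtectionStatus
    $result.KeyProtectors = ($types -join ', ')
    $result.TpmOnlyNoPin = ($types -contains 'Tpm') -and ($types -notcontains 'TpmPin')

    # Exposed to the described downgrade path when the volume is TPM-only and the
    # Secure Boot DBX does not yet revoke PCA 2011. TPM+PIN, or a completed CA 2023
    # migration (DB has CA 2023, boot manager signed by it, PCA 2011 in DBX), closes it.
    $result.ExposedToDowngrade = $result.TpmOnlyNoPin -and -not $result.Dbx_RevokesPca2011
    [pscustomobject]$result
}

Get-BitUnlockerExposure | Format-List
```

If the ESP already has a drive letter on a given machine, substitute it for S: and drop the mountvol calls.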
