
BitUnlocker: New Tool Breaks BitLocker on Patched Windows 11 Systems in Under 5 Minutes

dark6 15 May 2026

A newly released open-source tool called BitUnlocker has exposed a practical and highly repeatable attack against Microsoft’s BitLocker full-disk encryption on Windows 11. By exploiting a critical gap between patch deployment and certificate revocation, an attacker with physical access to a target machine can decrypt a protected volume in under five minutes — even on a fully patched system. The attack has been publicly documented with a working proof-of-concept available on GitHub, dramatically raising the urgency for enterprise defenders.

The Core Problem: Patches Without Revocation

The attack is rooted in CVE-2025-48804, one of four critical zero-day vulnerabilities patched by Microsoft during the July 2025 Patch Tuesday. The flaw resides in the Windows Recovery Environment (WinRE) and involves how the System Deployment Image (SDI) file mechanism interacts with the boot manager.

When a boot manager loads a legitimate WIM (Windows Imaging Format) file referenced by an SDI for integrity verification, it simultaneously permits a second attacker-controlled WIM to be appended to the SDI’s blob table. The boot manager verifies the first (legitimate) WIM but actually boots from the second, which contains a WinRE image modified to launch cmd.exe with the BitLocker-protected volume already decrypted and mounted — granting complete, unencrypted disk access.

Microsoft shipped a patched bootmgfw.efi binary for all supported systems via Windows Update in July 2025. However, that patch alone does not close the attack surface.

The Critical Weakness: Unrevoked Signing Certificates

Secure Boot validates a binary’s signing certificate, not its version number. The legacy Microsoft Windows PCA 2011 certificate, used to sign all boot managers prior to the July 2025 fix, remains trusted in the Secure Boot databases of virtually every machine currently in production — unless the machine received a fresh Windows installation after early 2026.

This means a pre-patch bootmgfw.efi binary signed under PCA 2011 is still considered completely valid by Secure Boot, despite being vulnerable. Mass revocation of the PCA 2011 certificate poses a significant operational challenge for Microsoft, as it would affect a broad range of legitimate signed binaries across the ecosystem.

How the Attack Works in Practice

Researchers at Intrinsec documented a working proof-of-concept that chains these weaknesses into a sub-five-minute attack. The requirements are minimal:

  • Physical access to the target workstation
  • A USB drive or PXE boot server
  • No specialized hardware

The attack flow:

  • The attacker prepares a modified BCD (Boot Configuration Data) file pointing to a tampered SDI and a pre-patch, PCA 2011-signed boot manager served via USB or PXE
  • The target machine loads the pre-patch boot manager, which passes Secure Boot validation normally because PCA 2011 is still trusted
  • The TPM releases the BitLocker Volume Master Key without triggering alerts — PCR measurements 7 and 11 remain valid under PCA 2011
  • A command prompt opens with the OS volume fully decrypted and mounted

Systems running TPM-only BitLocker (the default for most enterprise deployments without additional hardening) and whose Secure Boot database still trusts PCA 2011 are fully vulnerable.

Who Is Protected — and Who Is Not

Not all configurations are equally at risk:

  • Vulnerable: TPM-only BitLocker on systems that have not completed the KB5025885 migration and still trust PCA 2011
  • Protected: Systems configured with TPM + PIN pre-boot authentication — the TPM will not unseal the VMK without user input during pre-boot, blocking the attack
  • Protected: Systems that have completed the KB5025885 migration to the Windows UEFI CA 2023 certificate, which eliminates the downgrade path

Immediate Mitigations for Enterprise Defenders

Security teams should take the following actions without delay:

  • Enable TPM + PIN pre-boot authentication — the single most effective control, preventing the TPM from releasing the VMK during any manipulated boot sequence regardless of certificate trust
  • Deploy KB5025885 — this Microsoft update migrates boot manager signing to the CA 2023 certificate and introduces revocation controls that eliminate the downgrade path entirely
  • Verify boot manager certificate — mount the EFI partition and use sigcheck to confirm the active bootmgfw.efi is signed under CA 2023, not the legacy PCA 2011
  • Remove WinRE on high-security workloads where pre-boot authentication cannot be enforced, minimizing the attack surface exposed to this class of exploit
  • Audit physical access controls — for devices that cannot be immediately patched, ensure physical security controls are in place to prevent unauthorized access
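
As an added example (not from the article, Intrinsec's write-up or the BitUnlocker tool), the following PowerShell audit checks the three exposure conditions listed above on a single Windows 11 endpoint: whether the Secure Boot databases trust CA 2023 and have revoked PCA 2011, which CA signed the active bootmgfw.efi, and whether the OS volume relies on a TPM-only protector. It assumes an elevated prompt, the OS volume on C:, an unused drive letter S: for the EFI system partition, and that the boot manager leaf certificate's issuer name contains the CA name.

```powershell
# Added audit script (not from the article): evaluates the exposure
# conditions described in the text. Assumptions: elevated prompt, OS volume
# is C:, drive letter S: is free to mount the EFI system partition.
#Requires -RunAsAdministrator
$findings = [ordered]@{}

# Read a Secure Boot variable as ASCII; DER-encoded subject names appear
# as plain text in the byte stream, so a substring match is sufficient.
function Get-UefiVarText([string]$Name) {
    try { [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name $Name).Bytes) }
    catch { '' }   # variable absent or Secure Boot unsupported
}

# 1. Certificate trust. KB5025885 adds "Windows UEFI CA 2023" to db and,
#    once the revocation step is applied, places PCA 2011 in dbx.
$findings.SecureBootEnabled = Confirm-SecureBootUEFI
$findings.Ca2023Trusted     = (Get-UefiVarText 'db')  -match 'Windows UEFI CA 2023'
$findings.Pca2011Revoked    = (Get-UefiVarText 'dbx') -match 'Microsoft Windows Production PCA 2011'

# 2. Signer of the boot manager actually installed on the EFI partition.
#    Assumption: the leaf certificate's issuer field names the signing CA.
mountvol S: /S | Out-Null
try {
    $sig = Get-AuthenticodeSignature 'S:\EFI\Microsoft\Boot\bootmgfw.efi'
    $findings.BootMgrIssuer        = $sig.SignerCertificate.Issuer
    $findings.BootMgrSignedByCa2023 = $findings.BootMgrIssuer -match 'Windows UEFI CA 2023'
} finally {
    mountvol S: /D
}

# 3. BitLocker protector type on the OS volume. A bare 'Tpm' protector is
#    the TPM-only configuration the article describes as exposed; any PIN
#    or startup-key protector means the VMK is not released without user input.
$types = (Get-BitLockerVolume -MountPoint 'C:').KeyProtector.KeyProtectorType
$findings.ProtectorTypes = ($types | ForEach-Object { "$_" }) -join ','
$findings.PreBootAuth    = [bool]($findings.ProtectorTypes -match 'Pin|StartupKey')

# Verdict: exposed when the volume is TPM-only AND a PCA 2011-signed boot
# manager would still pass Secure Boot (PCA 2011 not yet in dbx). Either
# TPM + PIN or completed migration with revocation closes the path.
$findings.ExposedToDowngrade = (-not $findings.PreBootAuth) -and (-not $findings.Pca2011Revoked)

[pscustomobject]$findings | Format-List
```

A machine that reports BootMgrSignedByCa2023 as True but Pca2011Revoked as False has taken the first KB5025885 step only; the downgrade path described above stays open until the revocation step completes.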

With the PoC now publicly available on GitHub, the window before opportunistic attackers operationalize this technique is narrow. Organizations operating high-value endpoints — executive laptops, privileged workstations, devices containing sensitive intellectual property — should prioritize CA 2023 migration and TPM + PIN enforcement as an immediate remediation priority.
