Researchers demonstrated how attackers can bypass BitLocker's protections without physically tampering with the device. The exploit, known as “bitpixie” (CVE-2023-21563), was showcased at the Chaos Communication Congress (38C3) by security researcher Thomas Lambertz.
The “bitpixie” exploit bypasses Secure Boot through a downgrade attack on the Windows Boot Manager.
This vulnerability highlights a critical flaw in the default configuration of BitLocker on Windows 11, raising alarms for users relying on it for data protection.
BitLocker, Microsoft’s full-disk encryption technology, is designed to protect sensitive data by encrypting entire drives. It relies on Secure Boot and the Trusted Platform Module (TPM) to ensure…
