Is CVE-2024-20666 BitLocker vulnerability mitigated by disabling Windows RE or removing the recovery partition?

Çağlar Arlı

Taking Microsoft's page on CVE-2024-20666 at face value, that BitLocker vulnerability is darn serious in an "evil maid" attack:

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device.

Attack Vector: Physical.
The attack requires the attacker to physically touch or manipulate the vulnerable component.
Attack Complexity: Low.
Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component.
Privileges Required: Low.
The attacker is authorized with (i.e., requires) privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges may have the ability to cause an impact only to non-sensitive resources.
User Interaction: None.
Confidentiality (impact): High.
Integrity (impact): High.
Report Confidence: Confirmed.
Publicly disclosed: No.
Remediation Level: Official Fix.

The official fix is a Windows Recovery Environment update. Unfortunately it fails to install on some machines. Reasons include too small a recovery partition, something with a semi-official remedy. But there are others, like missing Winre.wim, and then there are several versions of that, including one updated December 2023. Update: did not yet try that later near-official remedy.

Questions

Are machines where WinRE is disabled (e.g. by reagentc /disable) vulnerable?

If yes, are machines where further the recovery partition is deleted and its space reclaimed vulnerable?