Bitlocker security issue

2

I’ve come across an issue with Bitlocker being automatically suspended by the system after each cumulative update in Windows 10 (Pro) 1803. This only happens on systems that don’t have a TPM and use a password protector instead.

What happens is that after the CU is applied and the system restarts, Bitlocker is automatically suspended on the operating system drive and remains that way until either the user manually resumes it, or the system is rebooted. This did not happen in 1709, and I’ve reproduced it on clean installs and even in a Virtualbox VM. I’ve also noticed that it happened on my wife’s company machine (where it remained suspended for a week because she doesn’t restart daily).

While Bitlocker is suspended, the encryption key is available in the clear and so is something of a security risk. Not a major risk because exploiting it requires physical access and that access is also time constrained (it must happen immediately after a CU is applied), but a risk nontheless.

I’ve posted on Technet about my adventure with this, and reported it in the Feedback Hub. Eventually, 2 other posters confirmed the behaviour on Technet, and I’ve seen it on my machine and my wife’s work machine. I’d be interested in hearing from others seeing this (remember: 1803, no TPM) to see how widespread this may be. Also, apart from reporting via Feedback Hub, how does one report this sort of issue to Microsoft?

Edit: if you haven’t noticed it happening and want to check, you can check the Bitlocker logs: Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> Bitlocker-API -> Management. Look for warnings, the dates should correlate with the CU’s listed in Windows Update history.

Post Reply