Tag

Winre

All articles tagged with #winre

Cloud Rebuild: Windows 11’s USB-free path to a fresh OS
technology1 hour ago

Cloud Rebuild: Windows 11’s USB-free path to a fresh OS

Microsoft’s Cloud rebuild for Windows 11, currently in preview, reformats the system drive and reinstalls Windows 11 by downloading the OS and drivers from Windows Update via WinRE, offering a USB-free recovery that can return a PC to a known-good state. It isn’t a repair tool: locally installed apps and settings on the system drive are erased (OneDrive-synced files can be restored later), and the process requires compatible hardware, internet access, and WinRE to work; enterprise-use scenarios with Windows Autopilot and Intune are planned for future releases.

Windows 11’s new recovery feature may eat up to 50GB, but it powers quick fixes for boot loops
technology14 days ago

Windows 11’s new recovery feature may eat up to 50GB, but it powers quick fixes for boot loops

Microsoft’s Windows 11 Point-in-time Restore is a built-in OS-recovery feature that creates daily OS-volume restore points to help fix boot loops. It arrives with the June 2026 KB5095093 update and, on 200GB+ OS drives, auto-enables after the June/July updates. It can use up to 50GB of disk space (2% of disk size, with a floor of 2GB and a ceiling of 50GB), allocated on demand via VSS and reserved storage. Restore points are kept for 72 hours by default, with enterprise IT admins able to adjust frequency and retention. The feature only affects the OS volume and does not touch secondary drives or cloud file synchronizations; restores run through Windows Recovery Environment (WinRE) and can take about 30 minutes. Smaller drives (<200GB) stay off by default but can be enabled manually.

GreatXML Bypass Unlocks BitLocker via WinRE XML Files
security1 month ago

GreatXML Bypass Unlocks BitLocker via WinRE XML Files

Security researcher Chaotic Eclipse unveiled GreatXML, a new Windows BitLocker bypass that places crafted unattend.xml and Recovery/WindowsRE/ReAgent.xml on the recovery partition and, after rebooting into WinRE, spawns a shell with unrestricted access to the BitLocker volume. It builds on a recent Defender-related exploit and is the second BitLocker bypass from the researcher, with Microsoft having patched a prior bypass (YellowKey CVE-2026-45585) this Patch Tuesday.

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security1 month ago

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation
technology1 month ago

Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation

Cybersecurity researcher Chaotic Eclipse has released PoCs for two Windows zero-days, YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation), linked to the Chaotic Eclipse/Nightmare Eclipse set. YellowKey exploits WinRE via specially crafted FsTx files to bypass BitLocker on Windows 11 and Server 2022/2025, potentially affecting TPM-only configurations; GreenPlasma could enable a SYSTEM-level shell, though its PoC is incomplete. The disclosures follow earlier flaws (BlueHammer, RedSun) and ongoing leaks, with Microsoft saying it is investigating and supporting coordinated disclosure as Patch Tuesday nears.

Microsoft's October 2025 Windows 11 Update Causes Critical Recovery and Localhost Failures
technology8 months ago

Microsoft's October 2025 Windows 11 Update Causes Critical Recovery and Localhost Failures

Microsoft has confirmed that the October 2025 update for Windows 11 (KB5066835) causes a bug that disables mouse and keyboard functionality in the Windows Recovery Environment (WinRE), making it unusable. The issue affects navigation within WinRE, although USB devices still work within the main OS. Microsoft is investigating and plans to release an out-of-band update to fix the problem. As a temporary workaround, users can revert to an older version of the WinRE image or uninstall the problematic update.

"Microsoft addresses BitLocker vulnerabilities with PowerShell scripts"
cybersecurity3 years ago

"Microsoft addresses BitLocker vulnerabilities with PowerShell scripts"

Microsoft has released PowerShell scripts to fix a BitLocker security bypass vulnerability in the Windows Recovery Environment (WinRE) for Windows 10 and 11 systems. The vulnerability could allow access to encrypted data in storage devices. The scripts enable enterprises to automatically update WinRE images to protect Windows devices. The flaw can only be exploited on systems with the winre.wim on the recovery partition.