News

Microsoft Defends BitLocker, Issues SP2 Updates

Microsoft defended its BitLocker data encryption tool last week after a hack was demonstrated that might affect it.

A presenter at the Black Hat Washington, D.C. conference in early February had compromised the trusted platform module (TPM) in a machine. Microsoft leverages TPM hardware in conjunction with its BitLocker drive encryption tool to help protect data from unauthorized access in mobile PCs.

Windows security blogger Paul Cooke assured the public that the BitLocker encryption tool in Windows 7 is up to snuff.

"With our design for BitLocker in Windows 7, we took into account the theoretical possibility that a TPM might become compromised due to advanced attacks or because of poor designs and implementations," he wrote.

Cooke suggested that even the most sophisticated hackers will be thwarted due to the use of user-defined personal identification numbers (PINs) with BitLocker.

"The engineering team changed the cryptographic structure for BitLocker when configured to use enhanced PIN technology," Cooke stated, pointing to a BitLocker FAQ.  "As a result, an attacker must not only be able to retrieve the appropriate secret from the TPM, they must also find the user-configured PIN."

Microsoft apparently has had problems with some implementations of BitLocker. Last week, Microsoft reissued updates to help BitLocker work properly on Service Pack 2 versions of Windows Vista and Windows Server 2008.

BitLocker was first released in January 2007 and is designed to guard data by encrypting files and tracking boot components, according to Microsoft's description. It's offered as a feature in the Ultimate and Enterprise editions of Windows 7 and Windows Vista. BitLocker is also available in Windows Server 2008 R2 and Windows Server 2008.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.