GreatXML exploit enables BitLocker bypass via recovery partition manipulation (opens in new tab)

A new security vulnerability known as GreatXML allows attackers to bypass BitLocker drive encryption by manipulating files within the Windows recovery partition. The exploit involves placing specific XML files, including an unattended setup file and a recovery configuration file, into the root of the recovery partition. Systems that have previously initiated a Microsoft Defender offline scan are reportedly vulnerable to this attack by default. <a href="