Confused Recovery: A New Attack Class on Windows Recovery

The Windows Recovery Environment (WinRE) is a foundational component of the Windows stack, embedded in over a billion devices worldwide. It plays a critical role in recovering systems from various types of severe failures.

A fundamental requirement for any recovery operation is identifying its associated disk volume. To meet this requirement, volume lookup functionality is implemented separately in both the WinRE boot phase and the WinRE runtime phase. Historically, maintaining two separate mechanisms for retrieving the same information has proven fragile and error-prone. This raises a critical question: what happens when these lookup mechanisms fall out of sync?

In this talk, we introduce a new attack class on WinRE. Our exploration begins with an analysis of the various volume lookup logics and the inconsistencies between them. We then reveal 4 unique vulnerabilities that confuse WinRE into mistakenly recovering an attacker-controlled volume instead of the intended associated volume. Building on these confusion primitives, we present 2 exploitation techniques that escalate the impact to a full BitLocker bypass, allowing extraction of all BitLocker-protected secrets in several different ways.

To conclude the presentation, we will share how we collaborated with the engineering teams to develop a comprehensive, end-to-end mitigation that addresses the entire attack class. This talk offers valuable insights into the intersection of BitLocker, Windows Boot, and Windows Recovery, highlighting how combining knowledge across these domains leads to impactful results.

The Windows Recovery Environment (WinRE) is a highly privileged yet under-examined component of the Windows security model. Designed to recover systems from severe failures, WinRE routinely operates in an unlocked state when BitLocker is enabled, granting it access to encrypted volumes under strict trust assumptions. This talk introduces Confused Recovery, a new attack class that breaks those assumptions by exploiting subtle inconsistencies in how WinRE identifies and associates the operating system volume across its boot and runtime phases.

We show that WinRE implements multiple, independent volume association mechanisms - spanning boot and OS runtime logic - that are intended to resolve the same security-critical question: which volume is the trusted, BitLocker-protected OS? Our research demonstrates that these mechanisms are not only distinct, but imperfectly synchronized. By carefully manipulating these inconsistencies, an attacker can reliably confuse WinRE into treating an attacker-controlled volume as the associated OS - after the legitimate BitLocker-encrypted volume has already been unlocked.

Building on this confusion primitive, we present four distinct vulnerabilities affecting WinRE's association logic, each arising from a different desynchronization point between boot-time and runtime decision-making. We then introduce two exploitation techniques that transform this primitive into full compromise: one that abuses Push Button Reset to decrypt arbitrary BitLocker-encrypted volumes, and another that achieves arbitrary code execution inside WinRE via the System Repair Tool, ultimately enabling extraction of all BitLocker-protected secrets.

We walk through the root cause analysis that led from logic vulnerabilities to a generalized exploitation strategy, and conclude by discussing the end-to-end mitigation developed in collaboration with Microsoft engineering teams - designed to eliminate the attack class as a whole rather than patching individual findings.

This presentation is aimed firmly at TROOPERS' technical audience: it dives deep into the internals of Windows Boot, Windows Recovery, BitLocker and the trust boundaries involved. Attendees will leave with a concrete understanding of how recovery environments can undermine data-at-rest protection features - and potentially how similar classes of vulnerabilities can be identified in other recovery components.

About the Speaker