A critical zero-day vulnerability in Windows 11 has rendered BitLocker encryption effectively useless against an attacker with physical access on default installations, and Microsoft doesn't have a patch ready.
The exploit, detailed by security researchers, targets the way BitLocker releases its encryption key during the boot process. In the default configuration - TPM-only, with no PIN or startup key - the TPM hands the volume key to the boot loader automatically, with nothing the user has to know or carry. On machines in that configuration - which is most of them - attackers with brief physical access can recover the key and decrypt the entire drive.
Here's what makes this particularly bad: BitLocker is supposed to be the enterprise-grade security feature that protects sensitive data if a laptop is stolen or lost. Governments, corporations, and security-conscious individuals rely on it. The fact that default settings leave it vulnerable means millions of devices whose owners believe they're protected are holding data encrypted under a key an attacker can recover.
The vulnerability requires physical access to the machine, which limits the attack surface. But for the threat model BitLocker is designed to address - stolen laptops, border searches, physical theft - physical access is exactly what the encryption is meant to protect against.
Security researcher Alex Ionescu called it "a catastrophic failure of default security settings." The exploit doesn't require sophisticated tools - just a bootable USB drive and about five minutes alone with the target machine.
Microsoft's response has been to recommend pre-boot authentication - a TPM plus a startup PIN - which closes the vulnerability because the TPM will no longer release the key without a secret the attacker doesn't have. The cost is a PIN prompt at every boot, which gets in the way of unattended restarts and remote management and can trip up some hardware. The company hasn't committed to changing the default settings, likely because a mandatory pre-boot prompt breaks the unattended provisioning and patch-reboot workflows that enterprises depend on.
For organizations that have been telling employees their company laptops are "fully encrypted," this is an uncomfortable moment. The technology was there. The secure option existed. It just wasn't turned on by default, because security and convenience remain fundamentally in tension.
If you're running Windows 11 with BitLocker, check which key protectors are on your operating system volume. A bare TPM protector with no PIN or startup key is the default, and the default settings aren't protecting you the way you think they are.
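The following PowerShell script is an added example, not part of the original article or of any Microsoft tooling. It uses the built-in BitLocker module to list the key protectors on each operating system volume, flags volumes whose only TPM-based protector is a bare TPM (the default the article describes), and, with `-Fix`, switches them to TPM+PIN. The registry path and value names are the policy equivalent of "Require additional authentication at startup"; the script assumes a local machine (no domain GPO overriding those values), that a recovery password protector is already backed up before anything is changed, and that adding a TPM+PIN protector replaces the existing TPM-only one, since a volume carries only one TPM-based protector at a time.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): audit BitLocker OS volumes for
# TPM-only protection and optionally move them to TPM+PIN.
# Assumes Windows 10/11 with the built-in BitLocker PowerShell module.

[CmdletBinding()]
param(
    # Apply the TPM+PIN remediation instead of only reporting.
    [switch]$Fix
)

# Any of these means a secret the user knows or carries is required at boot.
$PreBootProtectors = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

function Get-OsVolumeProtectionReport {
    foreach ($vol in Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem') {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            HasRecoveryPwd   = ($types -contains 'RecoveryPassword')
            # The weak default: the TPM releases the key with no user secret.
            TpmOnly          = ($types -contains 'Tpm') -and
                               -not ($types | Where-Object { $_ -in $PreBootProtectors })
        }
    }
}

function Enable-TpmPinPolicy {
    # Local-policy equivalent of "Require additional authentication at startup"
    # with TPM+PIN allowed. Values: 0 = do not allow, 1 = require, 2 = allow.
    # Assumption: no domain GPO overrides these values.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name UseTPMPIN -Value 2 -Type DWord
}

function Convert-ToTpmPin {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Minimum PIN length defaults to 6 digits unless policy says otherwise.
    $pin = Read-Host -AsSecureString "Startup PIN for $MountPoint"
    # Assumption: only one TPM-based protector exists per volume, so adding
    # TPM+PIN replaces the bare TPM protector rather than sitting beside it.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
}

$report = Get-OsVolumeProtectionReport
$report | Format-Table -AutoSize

foreach ($r in $report | Where-Object TpmOnly) {
    if (-not $r.HasRecoveryPwd) {
        # Changing protectors without an escrowed recovery password risks
        # locking yourself out; stop here rather than proceed.
        Write-Warning "$($r.MountPoint): no recovery password protector; add and back one up before changing protectors."
        continue
    }
    if ($Fix) {
        Enable-TpmPinPolicy
        Convert-ToTpmPin -MountPoint $r.MountPoint
        Write-Host "$($r.MountPoint): TPM+PIN protector added; reboot and confirm the pre-boot PIN prompt appears."
    } else {
        Write-Warning "$($r.MountPoint) is TPM-only. Re-run with -Fix to require a startup PIN."
    }
}
```

Run it once without `-Fix` to see the report; a `Protectors` column reading `Tpm, RecoveryPassword` is the default configuration the article is talking about. After remediation, `Get-BitLockerVolume C: | Select -ExpandProperty KeyProtector` should list `TpmPin` instead of `Tpm`, and the machine should prompt for the PIN before Windows loads. On domain-joined machines, set the same policy through Group Policy rather than the local registry so it isn't reverted at the next refresh.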
