CVE-2022-41099

MEDIUM

Microsoft Windows BitLocker - Security Feature Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2022-41099. PoCs published by o0MattE0o, dsn1321, g-gill24.

AI-analyzed exploit summary This repository contains PowerShell scripts to detect and patch CVE-2022-41099, a vulnerability in Windows Recovery Environment (WinRE). The primary script checks for vulnerable WinRE versions and replaces the outdated winre.wim file.

Description

BitLocker Security Feature Bypass Vulnerability

Exploits (4)

nomisec WORKING POC 3 stars
by o0MattE0o · poc
https://github.com/o0MattE0o/CVE-2022-41099-Fix

This repository contains PowerShell scripts to detect and patch CVE-2022-41099, a vulnerability in Windows Recovery Environment (WinRE). The primary script checks for vulnerable WinRE versions and replaces the outdated winre.wim file.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows Recovery Environment (WinRE) on Windows 10/11 (Build 19044.2486)
Auth required
Prerequisites: Administrative privileges · Windows 10/11 with vulnerable WinRE version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by dsn1321 · poc
https://github.com/dsn1321/KB5025175-CVE-2022-41099

This PowerShell script patches the Windows Recovery Environment (WinRE) to address CVE-2022-41099 by applying a Microsoft-provided update package. It checks for BitLocker status, verifies OS version compatibility, and ensures the update is applied correctly.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Windows Recovery Environment (WinRE) on Windows 10/11
Auth required
Prerequisites: Administrative access · Microsoft update package for CVE-2022-41099
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by g-gill24 · poc
https://github.com/g-gill24/WinRE-Patch

This PowerShell script patches CVE-2022-41099 by downloading and applying the appropriate Windows Update MSU file to the WinRE (Windows Recovery Environment) partition. It checks the current WinRE version, downloads the corresponding patch, and applies it using DISM and ReAgentC.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Windows Recovery Environment (WinRE) on Windows 10/11
Auth required
Prerequisites: Administrative privileges · Internet access to download MSU files · WinRE partition present
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by tylermontneyacc · poc
https://github.com/tylermontneyacc/UpdateWindowsRE-CVE-2022-41099

This repository contains a PowerShell script to patch the Windows Recovery Environment (WinRE) against CVE-2022-41099 by applying Microsoft's cumulative updates. It includes automated partition resizing and DISM package handling.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Windows Recovery Environment (WinRE) on Windows 10/11
Auth required
Prerequisites: Administrative privileges · GPT disk with existing WinRE partition · Internet access to download MSU patches
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 4.6
EPSS 0.0226
EPSS Percentile 85.1%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (9)
microsoft/windows_10
microsoft/windows_10 20h2
microsoft/windows_10 21h1
microsoft/windows_10 21h2
microsoft/windows_10 22h2
microsoft/windows_10 1607
microsoft/windows_10 1809
microsoft/windows_11 (2 CPE variants)
microsoft/windows_11 22h2 (2 CPE variants)
Published Nov 09, 2022
Tracked Since Feb 18, 2026