check before: 2023-10-01
Product:
Windows, Windows Server
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Updated June 9, 2026: This message has been updated to reflect the availability of the June 2026 security update, which addresses CVE-2026-45585. If you have applied the temporary mitigations documented prior to this update's release, you do not need to revert it once you install the update.
Microsoft has updated the mitigation guidance in CVE-2026-45585, a Windows BitLocker security feature bypass vulnerability. The June 2026 security update that addresses this vulnerability is now available. Note that a limited set of Windows versions are affected: Windows 11, versions 26H1, 25H2, and 24H2, and Windows Server 2025.
When will this happen:
The June 2026 security update and the updated mitigation guidance are available now.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2026-05-22
updated:
2026-06-10
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Increased Security Risk
Failure to apply the updated mitigation script may leave Windows devices vulnerable to security breaches, potentially leading to data theft or loss.
- roles: IT Security Manager, System Administrator
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
User Data Exposure
Without proper mitigation, users' sensitive data on devices using BitLocker may be at risk, especially for employees traveling with work devices.
- roles: End User, Data Protection Officer
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
Operational Disruption
If the vulnerability is exploited, it could lead to operational disruptions, affecting business continuity and user productivity.
- roles: IT Operations Manager, Business Continuity Planner
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
Increased Support Tickets
Failure to implement the mitigation may result in an increase in support requests from users experiencing issues related to the vulnerability.
- roles: Help Desk Technician, IT Support Specialist
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
Compliance Risks
Not addressing the vulnerability could lead to non-compliance with data protection regulations, resulting in potential legal and financial penalties.
- roles: Compliance Officer, Legal Advisor
- references: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-06-10 | MC prepare | Organizational environments using BitLocker on affected Windows versions should review the updated guidance in the Microsoft Security Update Guide to determine whether applying the mitigation is necessary.
Additional information: CVE-2026-45585: Windows BitLocker Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585#faq | Organizational environments using BitLocker on affected Windows versions should review the updated guidance in the Microsoft Security Update Guide to determine the appropriate action for their environment.
Additional information: CVE-2026-45585: Windows BitLocker Security Feature Bypass Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585 |
| 2026-06-10 | MC Last Updated | 05/22/2026 01:31:01 | 2026-06-09T19:28:09Z |
| 2026-06-10 | MC Messages | Microsoft has updated the mitigation guidance in CVE-2026-45585, a Windows BitLocker security feature bypass vulnerability. The updated guidance replaces previously documented manual mitigation steps with a script that helps reduce exposure while a future security update is developed to address this vulnerability. Note that a limited set of Windows versions are affected: Windows 11, versions 26H1, 25H2, and 24H2, and Windows Server 2025.
When will this happen: The updated mitigation guidance and script are available now. | Updated June 9, 2026: This message has been updated to reflect the availability of the June 2026 security update, which addresses CVE-2026-45585. If you have applied the temporary mitigations documented prior to this update's release, you do not need to revert it once you install the update.
Microsoft has updated the mitigation guidance in CVE-2026-45585, a Windows BitLocker security feature bypass vulnerability. The June 2026 security update that addresses this vulnerability is now available. Note that a limited set of Windows versions are affected: Windows 11, versions 26H1, 25H2, and 24H2, and Windows Server 2025. When will this happen: The June 2026 security update and the updated mitigation guidance are available now. |
| 2026-06-10 | MC End Time | 05/22/2027 01:30:59 | 2027-06-09T19:28:07Z |
| 2026-06-10 | MC Start Time | 05/22/2026 01:30:59 | 2026-06-09T19:28:07Z |
| 2026-06-10 | MC Title | Take action: Mitigation guidance updated with a new script for CVE 2026 45585 | (Updated) Take action: Mitigation guidance updated with a new script for CVE-2026-45585 |
| 2026-06-10 | MC How Affect | Windows devices that use BitLocker may be exposed to this vulnerability if mitigations are not applied. Organizational environments that previously implemented the documented manual mitigation steps do not need to take additional action, as the script only simplifies deployment of the existing mitigation.
Organizations that have not yet taken action should assess their exposure to this vulnerability and determine whether mitigation is appropriate. Microsoft recommends that organizations consider implementing this mitigation if devices and data may be at risk of being compromised or stolen. For example, this may apply if your organization's employees take their work devices home or on business travel. | Microsoft recommends applying the June 2026 security update to address this vulnerability. Windows devices that use BitLocker may be exposed if mitigations are not applied. Organizational environments that previously implemented the manual mitigation steps or the mitigation script do not need to take additional action, and the previously applied mitigation does not need to be reverted. |
Last updated 1 day ago ago
