It has been quite a tumultuous month for Microsoft, where just last week on July 18, an update to a widely-used security tool called CrowdStrike Falcon caused a global outage that saw critical companies, infrastructure, emergency services and shopping chains come to a complete halt. When everyons first thought was, Dammit, Microsoft! - the company was quick to come out and denounce the update as their own, pointing their finger at CrowdStrike.
Not quite a full week later, while system administrators and IT staff are still struggling to recover from the chaos that update caused, we're now faced with yet another bug causing chaos from updates.
Have your BitLocker key handy for those reboot cycles.
BitLocker is a security mechanism in Microsoft Windows that securely encrypts data on the hard drive. It's meant to protect the files on the disk from being accessed by someone who has come in to physical possession of the disks and placed them in to another machine or has tried to access it by other means. It typically does not prompt you to unlock it, as the unlock functionality is automatic provided the disk is still in the same machine.
Ironically, the CrowdStrike outage somewhat masked the issue because it also resulted in a substantial amount of Google searches around BitLocker due to how many administrators were faced with BitLocker key prompts while trying to boot in to Safe Mode to recover those systems. However, this latest issue discovered is an entirely separate bug introduced by completely separate set of patches - this time, to Microsoft's own fault.
It's a bad month for tech.
While the amount of outages we have been seeing in tech is continuing to grow, having this many back-to-back breakages from deployments of patches on something as critical as an Operating System is something we have not previously seen so commonly. What makes these particular issues even worse is the fact that there is no automation to easily resolve them, both requiring physical hands-on to fix.
BitLocker usage is generally common, particularly amongst company Windows machines. Data leakage risks exist from many vectors: bad-actors internally in a company, IT vendors selling customers decommissioned hard drives and systems without ensuring they've been properly wiped and even theft of an entire machine. Companies are being pressured to do more to secure their data.
Laws around Personally Identifiable Information (PII) and Nonpublic Personal Information (NPI) are rapidly increasing and organizations can be held accountable for those leaks, facing major fines and even potential criminal prosecution. BitLocker is relied on as just one of the lines of defence by providing Encryption at Rest. Unfortunately, it's now ensuring system administrators and tech support staff are not getting any rest this month.