
A security researcher has published a working proof-of-concept for a new Windows vulnerability that can bypass BitLocker — the built-in encryption that protects your files if your laptop is ever lost or stolen. With this flaw, an attacker who gets physical access to your device can potentially read all your protected files without knowing your password or PIN.
The good news is that this attack requires the person to physically hold your computer; no one can exploit it remotely over the internet. Microsoft has not yet released a patch, so for now the best protection is keeping your device in your possession and making sure Windows is up to date through Windows Update.
How to check if you’re affected
Affected versions include Windows 10 and Windows 11 devices with BitLocker enabled. To see if BitLocker is on, search “Manage BitLocker” in the Start menu — if it shows your drive as “On,” you have encryption active. While physical presence is required to exploit this flaw, taking a few extra precautions is worthwhile:
- Never leave your laptop unattended in a public place, car, or hotel room.
- Set a strong login PIN or password so a casual thief can’t log in easily.
- Open Settings → Windows Update and install any available updates — a patch may arrive soon.
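
The same BitLocker check described above can be done for every drive at once from PowerShell. This is an added example, not code from the researcher or from Microsoft; it assumes an elevated (Administrator) prompt and the built-in BitLocker module, and the function name `Get-BitLockerSummary` is made up for illustration.

```powershell
# Added example: summarise BitLocker state for every volume on this PC.
# Assumption: run from an elevated (Administrator) PowerShell session.

function Get-BitLockerSummary {
    # Stop early with a clear message if the BitLocker cmdlets are not present.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        throw 'Get-BitLockerVolume is not available on this system.'
    }

    Get-BitLockerVolume | ForEach-Object {
        # Collect the key protector types configured on this volume
        # (for example Tpm, TpmPin, RecoveryPassword, Password).
        $protectors = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        [pscustomobject]@{
            Drive         = $_.MountPoint
            VolumeType    = $_.VolumeType
            Protection    = $_.ProtectionStatus        # On, Off or Unknown
            VolumeStatus  = $_.VolumeStatus            # e.g. FullyEncrypted
            PercentDone   = $_.EncryptionPercentage
            KeyProtectors = ($protectors -join ', ')
            # True only when protection is on and encryption has finished.
            Encrypted     = ($_.ProtectionStatus -eq 'On' -and
                             $_.VolumeStatus -eq 'FullyEncrypted')
        }
    }
}

$summary = @(Get-BitLockerSummary)
$summary | Format-Table -AutoSize

# Call out any drive that is not both protected and fully encrypted.
$unprotected = @($summary | Where-Object { -not $_.Encrypted })
foreach ($vol in $unprotected) {
    Write-Warning ("{0}: protection {1}, status {2}" -f `
        $vol.Drive, $vol.Protection, $vol.VolumeStatus)
}

if ($unprotected.Count -eq 0) {
    Write-Output 'All listed volumes report BitLocker protection On and FullyEncrypted.'
}
```

A drive listed with `Protection` set to `On` is the same state the "Manage BitLocker" panel shows as "On".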
