Microsoft WinRE Vulnerability Allows Bypass of UEFI/BIOS Passwords

A vulnerability in Microsoft Windows Recovery Environment (WinRE) has been disclosed, allowing attackers to bypass UEFI and BIOS password protections. This issue, tracked as CERT/CC VU#226679 and CVE-2026-45585, affects Windows 10 and 11 systems utilizing WinRE for recovery. The flaw arises from inconsistencies in firmware security controls during recovery operations, potentially enabling unauthorized access for attackers with physical or administrative access. Scenarios resembling 'Evil Maid' attacks, where an attacker gains temporary physical access to a device, are particularly concerning. Organizations are advised not to rely solely on UEFI/BIOS passwords for security in environments where WinRE is accessible. As of now, the vulnerability has been publicly disclosed, but there are no reports of active exploitation. Security professionals should implement additional controls to mitigate risks associated with physical access and privileged-user attacks.

Key Points: • The WinRE vulnerability allows bypassing UEFI/BIOS password protections. • Affected systems include Windows 10 and 11 using WinRE for recovery. • Organizations should implement additional security controls beyond UEFI/BIOS passwords.