
Microsoft WinRE Weakness Exposes Devices to UEFI Password Bypass Attacks
A newly disclosed vulnerability in Microsoft’s Windows Recovery Environment (WinRE) could allow attackers with physical or administrative access to bypass firmware-level security controls, including administrator-configured UEFI/BIOS passwords. The vulnerability, tracked as CVE-2026-45585, highlights a critical gap in how recovery environments interact with pre-boot security controls. Microsoft Windows 10 and 11 include WinRE, a built-in recovery […]
The post Microsoft WinRE Weakness Exposes Devices to UEFI Password Bypass Attacks appeared first on Cyber Security News.