Microsoft Gave BitLocker Keys to the FBI!

-


Short answer:
Yes — in one specific, legally compelled case — Microsoft provided BitLocker recovery keys to the FBI because the user had stored those keys in Microsoft’s cloud, and a valid search warrant required Microsoft to hand them over. This is the first publicly known instance of such a disclosure.

Below is what the evidence shows:

What actually happened

Multiple independent reports confirm the same core facts:

The FBI, during a fraud investigation in Guam, obtained a warrant for three BitLocker‑encrypted laptops. Microsoft had the recovery keys because they had been backed up to the user’s Microsoft account, which is the default on many Windows 11 systems.

Microsoft complied with the warrant and gave investigators the keys, allowing them to unlock the drives.

• Microsoft says it receives around 20 requests per year for BitLocker recovery keys, but cannot fulfill most of them because the keys often are not uploaded to the cloud.

• This Guam case is the first publicly documented instance where such keys were actually handed over.

Why Microsoft can hand over BitLocker keys

From the reporting:

• BitLocker keys stored in the cloud are accessible to Microsoft.
• With a valid legal order, Microsoft is obligated to comply.
• If the keys are not stored in the cloud, Microsoft cannot provide them.

Other companies (Apple, Meta) use architectures where they themselves cannot access user keys — meaning even with a warrant, they have nothing to hand over.

Microsoft’s system does not work that way by default.

So did Microsoft “give out our keys to the FBI”?

Technically:

They gave out one user's cloud‑stored recovery keys in response to a lawful warrant.
They did not give out everyone’s keys, nor do they have access unless a user’s key is saved to the cloud.

The reporting shows that the controversy is about default settings, not a secret program:

  • Windows 11 backs up BitLocker keys automatically when you sign in with a Microsoft account.
  • Users can disable cloud backup — but many don’t realize the key is being uploaded.

If you want to avoid this

Since you're concerned, you can:

  1. Check whether your key is stored in the cloud (Microsoft account → Devices → BitLocker keys).
  2. Disable automatic cloud backup when setting up a new PC.
  3. Store your recovery key offline (USB drive, printed copy).


Popular posts from this blog

WSUS CVE-2025-59287 Mitigation

-
Image
CVE-2025-59287 is a critical Remote Code Execution (RCE) vulnerability affecting Windows Server Update Services (WSUS) . Here's a detailed breakdown of what it is, how it works, and what you should do about it: Overview Disclosed: October 2025 Patch Tuesday CVSS Score: 9.8 (Critical) Affected Systems: Windows Server 2012 through 2025 (including Server Core installations) Exploitability: Microsoft rates it as “Exploitation More Likely” Technical Details The vulnerability arises from unsafe deserialization of untrusted data in WSUS. Specifically, the GetCookie() endpoint in WSUS processes encrypted AuthorizationCookie objects without proper type validation. The deserialization occurs via .NET BinaryFormatter , which is known to be insecure when handling untrusted input. Attackers can send a crafted SOAP request to WSUS over port 8530 , containing a malicious AuthorizationCookie . The cookie is decrypted using a hardcoded AES key and then deserialized, allow...
Read more

Cloud Infrastructures are Having a Bad Week

-
Image
  Today’s disruptions across Microsoft Azure and Amazon Web Services (AWS) were significant, but they’re not signs of cloud computing’s demise. Instead, they underscore the risks of centralization and the importance of designing systems that can withstand provider-level failures. What happened today? • Microsoft Azure outage: Azure’s Front Door service suffered a major disruption due to a misconfiguration, impacting services like Outlook, Xbox, Microsoft 365, and even third-party platforms like Starbucks and Alaska Airlines. The Azure website states a little more than disruption. "Azure Front Door - Connectivity issues - Observing recovery Starting at approximately 16:00 UTC on 29 October 2025, customers and Microsoft services leveraging Azure Front Door (AFD) may have experienced latencies, timeouts, and errors. We have confirmed that an inadvertent configuration change was the trigger event for this issue. Affected Azure services may have included, but were not limited to: App S...
Read more

CVE-2025-58034 Fortinet Warnings and Mitigation

-
Image
Type: OS Command Injection vulnerability (CWE-78) Affected Product: Fortinet FortiWeb (Web Application Firewall) Affected Versions: 8.0.0 – 8.0.1 7.6.0 – 7.6.5 7.4.0 – 7.4.10 7.2.0 – 7.2.11 7.0.0 – 7.0.11 [nvd.nist.gov] , [cvedetails.com] Description The vulnerability is caused by improper neutralization of special elements used in OS commands . An authenticated attacker can exploit this flaw by sending crafted HTTP requests or CLI commands , allowing them to execute arbitrary code on the underlying system. This can compromise the integrity, confidentiality, and availability of the device. [nvd.nist.gov] , [cvedetails.com] Severity CVSS v3.1 Base Score: 7.2 (High) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Impact: High on Confidentiality, Integrity, and Availability [cvedetails.com] Exploitation Status Actively Exploited: Yes. Fortinet confirmed expl...
Read more