✨ This week on the Intune Weekly Security Report, we're bringing you the essential security intel seasoned Intune administrators need for managing Windows 10, Windows 11, and Microsoft Edge environments. If you're tackling the ever-evolving world of Windows security, this episode is a must-listen! 🎧

We cut through the noise ✂️, focusing on the Portal Fuse Weekly Security Report from May 20th, 2025, crucial Microsoft updates, and a deep dive into that frustrating Windows 10 BitLocker recovery screen loop (now resolved! ✅). We're covering:

• An important elevation of privilege vulnerability affecting older Windows Server versions (Server 2008 & 2008 R2).
• Critical Microsoft Edge (Chromium-based) security updates – heads up, one has a known exploit in the wild!
• A detailed breakdown of the BitLocker recovery loop issue: what caused it on specific Windows 10 setups and, most importantly, how it was fixed. This one offers lessons for all Windows admins! 👨‍💻👩‍💻

Tune in to get the scoop on the latest threats ⚠️, see which systems (including Windows 10 and Microsoft Edge) are in the hot seat, and learn the precise steps to mitigate these risks efficiently. We'll also discuss using tools like Intune for smooth deployment and management, plus clarify which issues don't affect Windows 11, helping you focus your efforts. 🎯

Dig deeper with our analysis on the blog: PortalFuse Weekly Security Report - May 20, 2025 | Blog | PortalFuse📄

And get the full report here: PortalFuse Weekly Security Update Report - (Windows and Edge Edition) 📂

Video Timeline:

• 00:00 🚀 - Welcome & Overview: Focusing on the Portal Fuse Weekly Security Report (May 20th, 2025), Microsoft updates (relevant for Intune admins), and a resolved known issue affecting Windows 10 BitLocker.
• 00:32 🛡️ - Windows Server Security: Deep dive into an elevation of privilege vulnerability affecting Windows Server 2008 & 2008 R2. We discuss the "use after free" nature, impact (kernel-level access), and the fact it requires no user interaction.
• 01:12 💻 - Affected Server Systems & Action: Pinpointing the specific older server operating systems vulnerable and the immediate need for out-of-band updates, even if recently patched.
• 02:14 🌐 - Critical Microsoft Edge Vulnerabilities: Discussion of two critical security flaws in Chromium-based Microsoft Edge.
• 02:20 🔥 - Microsoft Edge Vulnerability 1 (Exploited!): Details on an insufficient policy enforcement issue in the browser loader, rated critical, with Google confirming an exploit exists in the wild.
• 02:52 ⬆️ - Microsoft Edge Update Required: The specific Microsoft Edge version (136.0.3240.76) needed to address these critical flaws, released May 15th.
• 03:05 👾 - Microsoft Edge Vulnerability 2 (Arbitrary Code Execution): Examining a Chromium-derived issue involving the Mojo framework that could lead to arbitrary code execution.
• 03:49 🔧 - Resolved: Windows 10 BitLocker Recovery Loop: Addressing the disruptive issue where Windows 10 devices were stuck on the BitLocker recovery screen.
• 04:03 🎯 - BitLocker Issue - Trigger Conditions: Detailing the very specific combination of Windows 10, Intel Trusted Execution Technology (TXT) enabled on 10th gen or later vPro processors, and a particular May 2025 security update (KB5058379) that caused the BitLocker problem.
• 04:40 📉 - BitLocker Issue - Technical Cause & Indicators: Explanation of how the LSASS could crash on Windows 10, leading to the BitLocker loop, and event log IDs to look for (Event ID 20, Event ID 1007).
• 05:41 🖥️ - BitLocker Issue - Affected Platforms (Windows 10 focus): Clarifying this only impacted specific Windows 10 versions (22H2 & LTSC 2021) with the precise hardware, not Windows 11 or Server.
• 06:00 🩹 - BitLocker Issue - Resolution & Patch: The out-of-band update (KB5061768) released to fix this Windows 10 issue, available only via the Microsoft Update Catalog.
• 06:17 👉 - BitLocker Fix - Guidance (Proactive for Windows 10): Advice for Intune admins on how to handle the problematic May update for relevant Windows 10 machines.
• 06:31 🛠️ - BitLocker Fix - Guidance (Affected Windows 10 Devices): Multi-step recovery process for Windows 10 machines already stuck in the BitLocker loop, including the need for the recovery key and temporary BIOS/UEFI changes (disabling Intel VT-d/TXT).
• 07:28 🔑 - Critical Reminder: BitLocker Recovery Keys: Emphasizing that Microsoft Support cannot recover lost BitLocker keys for Windows 10 or any OS.
• 07:40 📝 - Summary of Key Actions (for Intune Admins):
  • Server 2008/R2: Deploy specific out-of-band updates.
  • Microsoft Edge: Update to the latest version (136.0.3240.76) to fix two critical flaws.
  • Windows 10 (specific configurations): Obtain the out-of-band BitLocker fix (KB5061768) from the Microsoft Update Catalog.
• 08:32 🤔 - Final Thoughts: Discussing the increasing complexity of security across the Windows ecosystem (including Windows 10, Windows 11, Microsoft Edge) and the critical need for precise patching (often managed via Intune) and robust testing