Microsoft has officially announced a significant upgrade to its encryption technology: hardware-accelerated BitLocker.
Revealed by Microsoft’s Rafal Sosnowski following the Ignite conference, this new feature is designed to eliminate performance bottlenecks that have plagued high-speed storage drives, ensuring that users no longer have to choose between robust data protection and system speed.
Addressing the NVMe Performance Gap
For years, BitLocker has been the gold standard for Windows data protection. However, the rapid advancement of Non-Volatile Memory Express (NVMe) technology has created a new challenge.
Modern NVMe drives have become so fast that the central processor (CPU) struggles to encrypt and decrypt data in real time without slowing the system.
This “overhead” has become noticeable for users performing intensive tasks like high-end gaming, video editing, or compiling large codebases.
To address this, Microsoft’s new solution shifts the heavy lifting of encryption from the main CPU to a dedicated cryptographic engine within the System on Chip (SoC).
Key Features and Benefits
The new hardware-accelerated BitLocker introduces two primary capabilities:
- Crypto Offloading: By moving bulk encryption tasks to a dedicated engine, Microsoft reports a 70% reduction in CPU usage compared to traditional software BitLocker. This allows storage performance to approach the raw speed of an unencrypted drive.
- Hardware-Protected Keys: Encryption keys are now “wrapped” in hardware by the SoC, adding a critical layer of protection against memory-based attacks. This moves Microsoft closer to its goal of completely removing encryption keys from the system’s main memory, mitigating the risk of attackers attempting to “sniff” keys from RAM.
Availability and Verification
Support for these features begins with the September 2025 update for Windows 11 (version 24H2) and the upcoming Windows 11 25H2 release.
The initial rollout will support upcoming Intel vPro devices featuring Intel Core Ultra Series 3 processors, with support for other hardware vendors planned for the future.
Users with compatible hardware can verify whether the feature is active by running the command manage-bde -status from an elevated (administrator) prompt. If active, the “Encryption Method” field will display as Hardware-accelerated.
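The check described above, turned into a per-volume audit script. This is an added example, not code from the article or from Microsoft's tooling; it assumes that manage-bde -status prints a "Volume X: [label]" header followed by indented "Field: value" lines, and the sample output embedded at the end is constructed, not captured from a real machine.

```powershell
# Added example: parse 'manage-bde -status' and report, per volume, the encryption
# method and whether it is the new hardware-accelerated method the article describes.
function Get-BitLockerMethodReport {
    [CmdletBinding()]
    param(
        # Lines of 'manage-bde -status' output; defaults to running the tool live
        # (requires an elevated prompt). Pass captured lines for offline review.
        [string[]]$StatusLines = (& manage-bde.exe -status 2>&1)
    )
    $report  = @()
    $current = $null
    foreach ($line in $StatusLines) {
        # Assumed header layout: "Volume C: [OS]"
        if ($line -match '^Volume\s+([A-Z]):\s*\[(.*)\]') {
            if ($current) { $report += $current }
            $current = [pscustomobject]@{
                Drive               = $Matches[1]
                Label               = $Matches[2]
                EncryptionMethod    = $null
                ProtectionStatus    = $null
                HardwareAccelerated = $false
            }
            continue
        }
        if (-not $current) { continue }   # skip tool banner before the first volume
        if ($line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $current.EncryptionMethod    = $Matches[1]
            # The article states the field reads "Hardware-accelerated" when active.
            $current.HardwareAccelerated = ($Matches[1] -like 'Hardware-accelerated*')
        }
        elseif ($line -match '^\s*Protection Status:\s*(.+?)\s*$') {
            $current.ProtectionStatus = $Matches[1]
        }
    }
    if ($current) { $report += $current }
    return $report
}

# Constructed sample output (not from a real system) so the parser can be tried offline.
$sample = @'
Volume C: [OS]
[OS Volume]
    Encryption Method:    Hardware-accelerated
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]
    Encryption Method:    None
    Protection Status:    Protection Off
'@ -split "`r?`n"

Get-BitLockerMethodReport -StatusLines $sample | Format-Table -AutoSize
```

On a live machine, run `Get-BitLockerMethodReport | Format-Table -AutoSize` from an administrator prompt; any volume with ProtectionStatus other than "Protection On" is unencrypted regardless of the method column.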
Recent BitLocker Security Updates (CVEs)
This announcement follows a series of critical security updates patched in July 2025, where researchers identified “BitUnlocker” vulnerabilities in the Windows Recovery Environment.
| CVE ID | Severity | Description |
|---|---|---|
| CVE-2025-48800 | Critical | WIM Validation Bypass: Attackers could manipulate the Boot.sdi file to boot an untrusted recovery environment. |
| CVE-2025-48003 | High | ReAgent.xml Parsing Flaw: Allowed scheduling of malicious operations (e.g., executing command prompts) via XML manipulation. |
| CVE-2025-48804 | High | WinRE App Trust Bypass: Leveraged SetupPlatform.exe to gain persistent command-line access through keyboard shortcuts. |
| CVE-2025-48818 | High | BCD Parsing Vulnerability: Targeted Boot Configuration Data to redirect the OS location and decrypt volumes. |
