Published Date: 8/8/2025
Organizations are increasingly turning to biometrics to secure their corporate networks and assets, but German cybersecurity researchers have found what they say is a flaw in the implementation of Windows Hello for Business that could make it vulnerable to bypass attacks.
Dr. Baptiste David and Tillmann Osswald of ERNW Research presented their findings at the Black Hat conference in Las Vegas. They explained that a code injection attack can enable a biometric injection attack from another PC, compromising biometric authentication so that any submitted face or fingerprint is granted access.
Business users authenticate with Windows Hello to access company servers through digital identity and access management (IAM) platforms such as Entra ID or Active Directory. The attack works by identifying information within the CryptProtectData API, which secures the database containing the cryptographic key linked to the Windows Biometric Service, and using it to break that encryption. Microsoft provides Enhanced Sign-in Security (ESS), which blocks the attack by default from the hypervisor's virtual trust level 1 (VTL1). However, not all PCs support ESS.
Tillmann Osswald told The Register that PCs that do not use Intel chips may not have a secure camera sensor, so they cannot use ESS. Osswald describes the attack process in depth in a recent blog post, and a June post details how Hello authentication works, along with previously discovered attacks on Windows Hello for Business.
Potential fixes could involve storing biometric data in the Trusted Platform Module (TPM) or a major code rewrite. The findings come from Windows Dissect, a two-year research program intended to uncover security flaws in the world's most popular desktop OS, supported by Germany's Federal Office for Information Security (BSI).
ERNW Research is a leading cybersecurity firm that specializes in vulnerability assessments and penetration testing. The company's research has significantly contributed to the understanding of security vulnerabilities in widely used technologies, helping organizations better protect their systems and data.
Q: What is Windows Hello for Business?
A: Windows Hello for Business is a biometric authentication feature provided by Microsoft that allows users to log in to their corporate networks using facial recognition, fingerprint, or iris scanning instead of traditional passwords.
Q: What is the vulnerability found in Windows Hello for Business?
A: The vulnerability involves a code injection attack that can enable a biometric injection attack from another PC, potentially compromising biometric authentication and granting unauthorized access to corporate networks.
Q: How does the attack work?
A: The attack works by identifying and exploiting information within the CryptProtectData API, which secures the database containing the cryptographic key linked to the Windows Biometric Service, thereby breaking the encryption.
Q: What is Enhanced Sign-in Security (ESS) and how does it help?
A: Enhanced Sign-in Security (ESS) is a feature provided by Microsoft that blocks the attack by default from the hypervisor's virtual trust level 1 (VTL1), strengthening the security of biometric authentication. Not all PCs support it, since it depends on a secure camera or fingerprint sensor.
Q: What are potential fixes for this vulnerability?
A: Potential fixes include storing biometric data in the Trusted Platform Module (TPM) or conducting a major code rewrite to address the security flaw.