Last year, Microsoft issued a security advisory regarding a new vulnerability that affects hardware-based encryption on SSDs. The vulnerability was first discovered by Dutch security researchers Carlo Meijer and Bernard van Gastel from Radboud University, who published a paper titled “weaknesses in the encryption of solid state drives”.
It turned out that Microsoft was trusting SSDs that claimed to be self-encrypting to be secure, but many of these drives were vulnerable to hardware hacks that exposed their contents to determined hackers.
Microsoft suggested that Windows 10 admins switch to software encryption for affected drives, and now, with KB4516071, Microsoft has switched to software encryption by default, even when the SSD claims to offer hardware encryption.
“Changes the default setting for BitLocker when encrypting a self-encrypting hard drive. Now, the default is to use software encryption for newly encrypted drives. For existing drives, the type of encryption will not change.”
Software encryption is, of course, slower and more processor-intensive, and users can still switch to hardware encryption if they trust the drive, but the default should now be more secure for everyone concerned.
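Because the new default leaves existing drives unchanged, it helps to find volumes that still rely on the drive's own encryption. The following audit is an added example, not code from Microsoft or from the original article; it assumes an elevated session with the built-in BitLocker PowerShell module, and the function name `Get-BitLockerEncryptionAudit` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: list BitLocker volumes and flag those that still rely on
# the drive's own (hardware) encryption instead of software encryption.

function Get-BitLockerEncryptionAudit {   # hypothetical helper name
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # EncryptionMethod is an enum; compare on its string name.
        $method = [string]$vol.EncryptionMethod

        $kind = switch ($method) {
            'None'               { 'NotEncrypted' }   # BitLocker is off
            'HardwareEncryption' { 'Hardware' }       # self-encrypting drive in use
            default              { 'Software' }       # AES / XTS-AES done by Windows
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptionMethod = $method
            EncryptionKind   = $kind
            NeedsReencrypt   = ($kind -eq 'Hardware')
        }
    }
}

$report = Get-BitLockerEncryptionAudit
$report | Format-Table -AutoSize

# Non-zero exit code lets a management tool pick up affected machines.
$hw = @($report | Where-Object NeedsReencrypt)
if ($hw.Count -gt 0) {
    Write-Warning ("{0} volume(s) still use hardware encryption: {1}" -f `
        $hw.Count, ($hw.MountPoint -join ', '))
    exit 1
}
```

Volumes flagged here keep hardware encryption after the update, since the new default applies only to newly encrypted drives.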