Software Update: VeraCrypt 1.24-Update2

A second update for version 1.24 of VeraCrypt has been released. VeraCrypt, a fork of TrueCrypt, is an open source encryption program that can encrypt entire hard drives or partitions and virtual volumes. VeraCrypt uses the original source code of TrueCrypt, but includes several security improvements. Volumes created with TrueCrypt can simply be opened and converted. The changelog for this release can be found below.

All OSes:

• clear AES key from stack memory when using non-optimized implementation. Doesn’t apply to VeraCrypt official build (Reported and fixed by Hanno Böck)
• Update Jitterentropy RNG Library to version 2.2.0
• Start following IEEE 1541 agreed naming of bytes (KiB, MiB, GiB, TiB, PiB).
• Various documentation enhancements.

Windows:

• Fix possible local privilege escalation vulnerability during execution of VeraCrypt Expander (CVE-2019-19501)
• MBR boot loader:
  • workaround for SSD disks that don’t allow write operations in BIOS mode with buffers less than 4096 bytes.
  • Don’t restore MBR to VeraCrypt value if it is coming from a loader different from us or different from Microsoft one.
• EFI boot loader:
  • Fix “ActionFailed” not working and add “ActionCancelled” to customize handling of user hitting ESC on password prompt
  • Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.
• Fix multi-OS boot compatibility by only setting VeraCrypt as first bootloader of the system if the current first bootloader is Windows one.
• Add new registry flags for SystemFavoritesService to control updating of EFI BIOS boot menu on shutdown.
• Allow system encrypted drive to be mounted in WindowsPE even if changing keyboard layout fails (reported and fixed by Sven Strickroth)
• Enhancements to the mechanism preserving file timestamps, especially for keyfiles.
• Fix RDRAND instruction not detected on AMD CPUs.
• Detect cases where RDRAND is flawed (eg AMD Ryzen) to avoid using it if enabled by user.
• Don’t write extra 0x00 byte at the end of DcsProp file when modifying it through UI
• Reduce memory usage of IOCTL_DISK_VERIFY handler used in disk verification by Windows.
• Add switch /FastCreateFile for VeraCrypt Format.exe to speedup creation of large file container if quick format is selected.
• Fix the checkbox for skipping verification of Rescue Disk not reflecting the value of /noisocheck switch specified in VeraCrypt Format command line.
• check “TrueCrypt Mode” in password dialog when mounting a file container with .tc extension
• Update XML languages ​​files.

Linux:

• Fix regression causing admin password to be requested too many times in some cases
• Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)
• Make sure password gets deleted in case of internal error when mounting volume (Reported and fixed by Hanno Böck)
• Fix passwords using Unicode characters not recognized in text mode.
• Fix failure to run VeraCrypt binary built for console mode on headless machines.
• Add switch to force the use of legacy maximum password length (64 UTF8 bytes)
• Add CLI switch (–use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password
• During uninstall, output error message to STDERR instead of STDOUT for better compatibility with package managers.
• Make sector size mismatch error when mounting disks more verbose.
• Speedup SHA256 in 64-bit mode by using assembly code.

macOS:

• Add switch to force the use of legacy maximum password length (64 UTF8 bytes)
• Fix off by one buffer overflow in function Process::Execute (Reported and fixed by Hanno Böck)
• Fix passwords using Unicode characters not recognized in text mode.
• Make sector size mismatch error when mounting disks more verbose.
• Speedup SHA256 in 64-bit mode by using assembly code.