This is not an exaggeration. A vulnerability in a 2022 version of Windows Boot Manager ([CVE-2023-21563 | nvd.nist.gov]) allows an attacker to get access to the BitLocker encryption key while bypassing the Windows boot process, stealing the data.
This exploit cannot be patched, as the affected bootloader versions were signed by the Microsoft Secure Boot key, which allows them to pass Secure Boot checks.
This attack is quite easy to perform if you have physical access to the device.
You can combat this by disabling unattended decryption: [How to Enable a Pre-Boot BitLocker PIN on Windows | howtogeek.com]. This will make it so that you have to enter the BitLocker password before booting, instead of relying on the TPM.
[Windows BitLocker: Screwed without a Screwdriver | media.ccc.de]
PS: Microsoft could theoretically change their Secure Boot signing key, but that would break a lot of Windows installs, so it’s unlikely.
PS2: It has come to my attention that this is a duplicate of a post made over a month ago, but it’s still very relevant. And it will be relevant until Microsoft’s keys expire in 2026
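The mitigation the post points at (stop relying on the TPM alone and require a pre-boot PIN) can be audited and applied from PowerShell. The script below is an added example written for this page, not code from the original post or from Microsoft; it assumes an elevated PowerShell session on Windows 10/11 with the built-in BitLocker module, that the OS volume is `C:` (the `$MountPoint` parameter), and it uses the standard FVE policy registry values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE`. Run it without `-Harden` to only report which key protectors the OS drive has; with `-Harden` it makes sure a recovery password exists, then replaces the TPM-only protector with a TPM+PIN one.

```powershell
# Added example (not from the original post): report the OS volume's BitLocker
# key protectors and, with -Harden, replace unattended TPM-only unlock with TPM+PIN.
# Assumes: elevated session, Windows 10/11 BitLocker module, volume already encrypted.
[CmdletBinding()]
param(
    [string]$MountPoint = $env:SystemDrive,   # assumption: OS volume, e.g. "C:"
    [switch]$Harden                           # without this switch the script only audits
)

$vol   = Get-BitLockerVolume -MountPoint $MountPoint
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
Write-Host "Volume $MountPoint : $($vol.VolumeStatus), protection $($vol.ProtectionStatus)"
Write-Host "Key protectors: $($types -join ', ')"

$tpmOnly  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' }
$tpmPin   = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -in 'TpmPin','TpmPinStartupKey' }
$recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if ($tpmPin) {
    Write-Host "OK: a pre-boot PIN is required; the TPM does not release the key unattended."
} elseif ($tpmOnly) {
    Write-Warning "TPM-only protector present: the volume unlocks with no user input at boot."
} else {
    Write-Host "No TPM-based protector found; nothing to harden here."
}

if (-not $Harden -or -not $tpmOnly) { return }

# Never touch protectors without a recovery password on file; a mistake here locks you out.
if (-not $recovery) {
    Write-Warning "No recovery password protector; adding one. Store it safely before rebooting."
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { Write-Host "Recovery password: $($_.RecoveryPassword)" }
}

# Policy "Require additional authentication at startup" must permit a PIN.
# FVE values: 0 = do not allow, 1 = require, 2 = allow.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
New-Item -Path $fve -Force | Out-Null
Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
Set-ItemProperty -Path $fve -Name UseTPMPIN          -Value 1 -Type DWord   # require TPM+PIN
Set-ItemProperty -Path $fve -Name UseTPM             -Value 0 -Type DWord   # forbid TPM-only

# Default BitLocker PINs are numeric with a minimum length of 6.
$pin = Read-Host -AsSecureString -Prompt 'New pre-boot PIN (digits, at least 6)'
Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null

# A volume keeps a single TPM-based protector; remove the TPM-only one if it is still there.
$after = Get-BitLockerVolume -MountPoint $MountPoint
foreach ($p in ($after.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })) {
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
}
$final = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector.KeyProtectorType
Write-Host "Protectors now: $($final -join ', ')"
```

The audit branch is the part worth running on every machine: a `KeyProtectorType` list that contains `Tpm` but no `TpmPin` means the drive still unlocks unattended, which is exactly the condition the boot-manager bypass relies on. The recovery-password step comes first on purpose, since a PIN you mistype at the next boot is otherwise unrecoverable.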