An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption.
The effectiveness of this attack is, however, limited because the data stored in RAM degrades rapidly after the power is cut off.
If the computer doesn’t password protection and the attacker has physical access… They can just copy the data, why care about the keys?
I think that’s already a worst case scenario.
The user still has to login to their user account. The assumption is that the Windows login is secure so BitLocker can decrypt using TPM and an attacker still won’t have access to the data without being able to log in.
This article obviously shows a method how an attacker can potentially still get access to the data without logging in.