Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
Publish Date: 2026-05-20 04:28:00
Source Domain: thehackernews.com
Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.
The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.
“Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,’” the tech giant said in an advisory. “The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices.”
The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation).
YellowKey was disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse). It essentially involves placing specially crafted ‘FsTx’ files on a USB drive or EFI partition, plugging the USB drive into the target Windows computer with BitLocker protections turned on, rebooting into the Windows Recovery Environment (WinRE), and triggering a shell with unrestricted access by holding down the CTRL key.
“If you did everything properly, a shell will spawn with unrestricted access to the BitLocker protected volume,” the researcher noted in a GitHub post.
Redmond noted that successful exploitation could permit an attacker with physical access to sidestep the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data.
“To break encryption, YellowKey abuses a behavioral trust assumption in the recovery interface, allowing attackers to spawn an unrestricted shell with full access to the encrypted volume during the pre-boot recovery sequence,” LevelBlue said. “And because YellowKey doesn’t require software installation, existing credentials, or network access to break encryption, any…