Microsoft issues YellowKey mitigation, no patch yet
https://securityaffairs.com/192449/hacking/microsoft-issues-yellowkey-mitigation-no-patch-yet.html
Publish Date: 2026-05-20 11:15:00
Source Domain: securityaffairs.com
Pierluigi Paganini
May 20, 2026

Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN.
A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why.
The flaw, tracked as CVE-2026-45585 (CVSS score of 6.8), is a BitLocker security feature bypass. It affects Windows 11 versions 24H2, 25H2, and 26H1 on x64 systems, as well as Windows Server 2025 in both standard and Server Core installations.
“Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey’.” reads the advisory. “The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.”
Microsoft condemns Chaotic Eclipse’s decision to release working exploit code without going through the standard coordinated disclosure process. The same researcher has now disclosed five separate Windows vulnerabilities in rapid succession, including GreenPlasma, BlueHammer, RedSun, UnDefend, and MiniPlasma.
The attack is physical, which is why it received a CVSS score of 6.8 rather than something higher. An attacker needs hands-on access to the target machine. With that access, they place specially crafted FsTx files on a USB drive or directly in the EFI partition, plug the drive in, reboot into the Windows Recovery Environment, and hold down CTRL. If the setup is done correctly, a shell spawns with unrestricted access to the BitLocker-protected volume. The encryption that was supposed to keep the data safe becomes irrelevant.
As Chaotic Eclipse put it in the original GitHub disclosure: if everything is done correctly, you get a shell with…
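
The TPM+PIN recommendation in Microsoft's mitigation can be audited per machine by looking at which key protectors the operating system volume carries. The PowerShell below is an added example, not code from Microsoft or from the article; it assumes the object shape returned by the BitLocker module's `Get-BitLockerVolume`, and the function name, finding labels and sample volumes are constructed for illustration.

```powershell
# Added example: classify BitLocker OS volumes by pre-boot authentication.
# Get-PreBootPinFinding and its finding labels are hypothetical names.
function Get-PreBootPinFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Volume)
    process {
        # Compare as strings so real enum values and constructed samples both work.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $finding = if ("$($Volume.ProtectionStatus)" -ne 'On') {
            'PROTECTION_OFF'        # volume key is not protected at all
        }
        elseif ($types -contains 'Tpm') {
            'TPM_ONLY'              # TPM releases the key at boot with no user input
        }
        elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'PIN_REQUIRED'          # pre-boot PIN is needed before the volume unlocks
        }
        else {
            'NO_TPM_PROTECTOR'      # e.g. password or external key only; review manually
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = ($types -join ',')
            Finding    = $finding
        }
    }
}

# Constructed sample input mimicking Get-BitLockerVolume output (not real hosts).
function New-SampleVolume($Mount, $Status, [string[]]$ProtectorTypes) {
    [pscustomobject]@{
        MountPoint       = $Mount
        VolumeType       = 'OperatingSystem'
        ProtectionStatus = $Status
        KeyProtector     = @($ProtectorTypes | ForEach-Object {
                               [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$sample = @(
    New-SampleVolume 'C:' 'On'  @('Tpm', 'RecoveryPassword')      # TPM_ONLY
    New-SampleVolume 'C:' 'On'  @('TpmPin', 'RecoveryPassword')   # PIN_REQUIRED
    New-SampleVolume 'C:' 'Off' @('Tpm')                          # PROTECTION_OFF
)
$sample | Get-PreBootPinFinding | Format-Table -AutoSize

# Live use, from an elevated session on a machine with the BitLocker module:
# Get-BitLockerVolume | Where-Object { "$($_.VolumeType)" -eq 'OperatingSystem' } |
#     Get-PreBootPinFinding
```

Volumes reported as `TPM_ONLY` or `PROTECTION_OFF` are the ones still to be moved to TPM+PIN.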