{"id":250910,"date":"2026-05-20T11:15:00","date_gmt":"2026-05-20T15:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/microsoft-issues-yellowkey-mitigation-no-patch-yet\/"},"modified":"2026-05-20T23:55:11","modified_gmt":"2026-05-21T03:55:11","slug":"microsoft-issues-yellowkey-mitigation-no-patch-yet","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/microsoft-issues-yellowkey-mitigation-no-patch-yet\/","title":{"rendered":"Microsoft issues YellowKey mitigation, no patch yet"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192449\/hacking\/microsoft-issues-yellowkey-mitigation-no-patch-yet.html\">Microsoft issues YellowKey mitigation, no patch yet<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192449\/hacking\/microsoft-issues-yellowkey-mitigation-no-patch-yet.html\">https:\/\/securityaffairs.com\/192449\/hacking\/microsoft-issues-yellowkey-mitigation-no-patch-yet.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 11:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Microsoft issues YellowKey mitigation, no patch yet<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 20, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2016\/11\/windows-zero-day.png?fit=702%2C336&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN.<\/h2>\n<p>A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. 
Not a patch, a mitigation. The distinction matters, and we will get to why.<\/p>\n<p>The flaw, tracked as CVE-2026-45585 (CVSS score of 6.8), is a BitLocker security feature bypass. It affects Windows 11 versions 24H2, 25H2, and 26H1 on x64 systems, as well as Windows Server 2025 in both standard and Server Core installations.<\/p>\n<p>\u201cMicrosoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u201cYellowKey\u201d.\u201d reads the advisory. \u201cThe proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\u201d<\/p>\n<p>Microsoft condemns Chaotic Eclipse\u2019s decision to release working exploit code without going through the standard coordinated disclosure process. The same researcher has now disclosed five separate Windows vulnerabilities in rapid succession, including GreenPlasma, BlueHammer, RedSun, UnDefend, and MiniPlasma.<\/p>\n<p>The attack is physical, which is why it received a CVSS score of 6.8 rather than something higher. An attacker needs hands-on access to the target machine. With that access, they place specially crafted FsTx files on a USB drive or directly in the EFI partition, plug the drive in, reboot into the Windows Recovery Environment, and hold down CTRL. If the setup is done correctly, a shell spawns with unrestricted access to the BitLocker-protected volume. 
The encryption that was supposed to keep the data safe becomes irrelevant.<\/p>\n<p>As Chaotic Eclipse put it in the original GitHub disclosure: if everything is done correctly, you get a shell with&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192449\/hacking\/microsoft-issues-yellowkey-mitigation-no-patch-yet.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft issues YellowKey mitigation, no patch yet https:\/\/securityaffairs.com\/192449\/hacking\/microsoft-issues-yellowkey-mitigation-no-patch-yet.html Publish Date: 2026-05-20 11:15:00 Source Domain: securityaffairs.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":250911,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2016\/11\/windows-zero-day.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-250910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250910"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=250910"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250910\/revisions"}],"predecessor-version":[{"id":250912,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250910\/revisions\/250912"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2
\/media\/250911"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=250910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=250910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=250910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}