{"id":252165,"date":"2026-05-20T04:28:00","date_gmt":"2026-05-20T08:28:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/microsoft-releases-mitigation-for-yellowkey-bitlocker-bypass-cve-2026-45585-exploit\/"},"modified":"2026-05-22T04:20:08","modified_gmt":"2026-05-22T08:20:08","slug":"microsoft-releases-mitigation-for-yellowkey-bitlocker-bypass-cve-2026-45585-exploit","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/microsoft-releases-mitigation-for-yellowkey-bitlocker-bypass-cve-2026-45585-exploit\/","title":{"rendered":"Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html\">Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html\">https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-20 04:28:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">May 20, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Encryption<\/span><\/p>\n<p>Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.<\/p>\n<p>The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.<\/p>\n<p>&#8220;Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as &#8216;YellowKey,'&#8221; the tech giant said in an advisory. &#8220;The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices.&#8221;<\/p>\n<p>The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation).<\/p>\n<p>YellowKey was disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse). It essentially involves placing specially crafted &#8216;FsTx&#8217; files on a USB drive or EFI partition, plugging the USB drive into the target Windows computer with BitLocker protections turned on, rebooting into the Windows Recovery Environment (WinRE), and triggering a shell with unrestricted access by holding down the CTRL key.<\/p>\n<p>&#8220;If you did everything properly, a shell will spawn with unrestricted access to the BitLocker protected volume,&#8221; the researcher noted in a GitHub post.<\/p>\n<p>Redmond noted that successful exploitation could permit an attacker with physical access to sidestep the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data.<\/p>\n<p>&#8220;To break encryption, YellowKey abuses a behavioral trust assumption in the recovery interface, allowing attackers to spawn an unrestricted shell with full access to the encrypted volume during the pre-boot recovery sequence,&#8221; LevelBlue said. &#8220;And because YellowKey doesn&#8217;t require software installation, existing credentials, or network access to break encryption, any&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html Publish Date: 2026-05-20 04:28:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":252166,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEh8DmW5nAG63-9iR2RmnP7i3GVJ9EBtLznscnnjROZ-DWRALYo0zsPNjUm2J6khkqSDJiX5Gmwb8sxPh4jHRcsJWFhKSdxZzz4D2f5bOahbfcnmQrUdvhyphenhyphenNVrE-LFMUhhf6rvSyxG2CoVhEFxbZSpEc0y52PM-qxwn02cDP3K3hEzf1nqcRNZEG1wOTjAiQ\/s1600\/bitlocker-exploit.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-252165","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252165"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=252165"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252165\/revisions"}],"predecessor-version":[{"id":252167,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/252165\/revisions\/252167"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/252166"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=252165"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=252165"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=252165"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}