{“lastseen”:”2026-05-20T08:29:30″,”description”:”\\n\\nMicrosoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.\\n\\nThe zero-day flaw, now tracked as **CVE-2026-45585** , carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.\\n\\n\\”Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as ‘YellowKey,’\\” the tech giant said in an advisory. \\”The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices.\\”\\n\\nThe issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation).\\n\\nYellowKey was disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse). It essentially allows placing specially crafted ‘FsTx’ files on a USB drive or EFI partition, plugging the USB drive into the target Windows computer with BitLocker protections turned on, rebooting into the Windows Recovery Environment (WinRE), and triggering a shell with unrestricted access by holding down the CTRL key.\\n\\n\\”If you did everything properly, a shell will spawn with unrestricted access to the BitLocker protected volume,\\” the researcher noted in a GitHub post.\\n\\nRedmond noted that successful exploitation could permit an attacker with physical access to sidestep the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data.\\n\\nTo address the risk, the following mitigations have been outlined:\\n\\n * Mount the WinRE image on each device.\\n * Mount the system registry hive of the mounted WinRE image.\\n * Modify BootExecute by removing \\”autofstx.exe\\” value from Session Manager’s BootExecute REG_MULTI_SZ value.\\n * Save and unload Registry hive.\\n * Unmount and commit the updated WinRE image.\\n * Reestablish BitLocker trust for WinRE.\\n\\n\\n\\n\\”Specifically, you prevent the FsTx Auto Recovery Utility, autofstx.exe, from automatically starting when the WinRE image launches,\\” security researcher Will Dormann said. \\”With this change, the Transactional NTFS replaying that deletes winpeshl.ini no longer happens. It also recommends switching from TPM-only to TPM+PIN.\\”\\n\\nMicrosoft also emphasized that users can be safeguarded against exploitation by configuring BitLocker on already encrypted devices with \\”TPM-only\\” protector by switching to \\”TPM+PIN\\” mode via PowerShell, the command line, or the control panel. This will require a PIN to decrypt the drive at startup, effectively backing YellowKey attacks.\\n\\nOn devices that are not encrypted, administrators are advised to enable the \\”Require additional authentication at startup\\” option via Microsoft Intune or Group Policies and ensure that \\”Configure TPM startup PIN\\” is set to \\”Require startup PIN with TPM.\\”\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2026-05-20T08:28:00″,”modified”:”2026-05-20T08:28:26″,”type”:”thn”,”title”:”Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit”,”source”:””,”references”:””,”id”:”THN:C50BB9D9A965032E3A06C37C0870FAA6″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2026-45585″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:6.8,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:P\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2026\/05\/microsoft-releases-mitigation-for.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-20T08:29:30″,”description”:”\\n\\nMicrosoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.\\n\\nThe zero-day flaw, now tracked as **CVE-2026-45585**…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,25,12,21,13,7,11,43,5],"class_list":["post-55753","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-68","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n