How To Mitigate The Microsoft Windows BitLocker YellowKey USB 0-Day
Microsoft said the flaw can let attackers reach BitLocker-protected drives and urged admins to apply workarounds before a security update arrives.
- On Tuesday, Microsoft issued guidance for the 'YellowKey' Windows BitLocker vulnerability , which allows unauthorized access to protected drives using a malicious USB key.
- Last week, an anonymous researcher known as 'Nightmare Eclipse' disclosed the flaw, publishing a proof-of-concept exploit that describes the issue as a "backdoor".
- To mitigate YellowKey attacks, Microsoft advised removing the FsTx Auto Recovery Utility entry and configuring 'TPM+PIN' mode. "Specifically, you prevent the FsTx Auto Recovery Utility, autofstx.exe, from automatically starting," Will Dormann, principal vulnerability analyst at Tharros, explained.
- Organizations should treat this as an active threat, Neena Sharma, a cybersecurity specialist at Filigran, advised, recommending "compensating controls like restricting USB boot access".
- Alongside YellowKey, Microsoft is tracking other recent zero-day flaws, including BlueHammer and RedSun, both now being exploited in attacks. Users may wait for the security update or apply PIN protections if their risk profile demands immediate action.
13 Articles
13 Articles
Eclypsium
Malware Analysis, News and IndicatorsYellowKey: The Unpatched BitLocker Bypass Hidden in Windows Recovery
A stolen Windows 11 laptop and a USB stick are enough to read a BitLocker-encrypted drive using nothing but Microsoft’s own recovery tools, and the researcher is holding back a follow-on attack that also defeats the startup PIN defenders are scrambling to enable in response. Special thanks to Stas Lyakhov and John Loucaides for contributions What is the vulnerability? YellowKey is a BitLocker bypass disclosed in May 2026 by a researcher operatin…
New zero-day gap in Windows: The BitLocker vulnerability "YellowKey" allows access to actually protected drives - we already reported. Microsoft now delivers first countermeasures, but a patch is still missing. (Read more)
A new security failure in the BitLocker, Microsoft disk encryption system, has put users and IT administrators on alert this week. Identified as CVE-2026-45585, vulnerability has received the code name YellowKey and is already treated as a serious threat to protected Windows computers only with TPM-based authentication. The problem has gained enormous repercussion after public disclosure of technical details and concept evidence associated with …
Microsoft issues YellowKey mitigation, no patch yet
Microsoft issues YellowKey mitigation, no patch yet Pierluigi Paganini May 20, 2026 Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. T…
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
