
Microsoft released a temporary mitigation script for the YellowKey Windows zero-day vulnerability, identified as CVE-2026-45585. The mitigation is intended to reduce exposure immediately while engineers work on a permanent security update. YellowKey can bypass BitLocker protections by abusing the Windows Recovery Environment (WinRE). The attack requires physical access to the device, so the realistic scenarios are lost or stolen laptops and insider threats. A threat actor can load a crafted FsTx file onto a USB drive, boot the machine into Windows Recovery Mode, and trigger a shell with unrestricted access by holding down the CTRL key. A successful BitLocker bypass lets the attacker view, modify, or potentially clone the entire disk contents.
"Microsoft has moved to contain the newly disclosed Windows zero-day vulnerability, dubbed "YellowKey," but the company still lacks a permanent fix. The company on Tuesday updated its advisory with a temporary mitigation script for the flaw, which is said to bypass BitLocker protections by abusing the Windows Recovery Environment (WinRE). The mitigation provides all Windows users with immediate steps to reduce exposure while its engineers work on a more permanent fix via a security update."
"Tracked as CVE-2026-45585, YellowKey was publicly disclosed alongside its Proof of Concept (PoC) and targets one of Windows' most trusted security protections. Although the attack requires physical access to a device rather than a remote compromise, it raises concerns for users and enterprises that rely on BitLocker to secure lost or stolen laptops."
"A BitLocker bypass hands over a victim's entire disk contents for a threat actor to view, modify, or potentially clone. A threat actor just needs to craft a special "FsTx" file to load onto a USB drive, then boot the victim's computer into Windows Recovery Mode and trigger a shell with unrestricted access by holding down the CTRL key."
"YellowKey requires a threat actor to have physical access to a target's computer. And while this may seem insignificant, lost or stolen computers are prime targets, plus insider threats are one way this flaw can compromise users. Confiscation of the device remains a less common but valid risk."
Read at TechRepublic