Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
Briefly

"According to the researcher, the underlying issue for YellowKey is a well-hidden vulnerability without an explicit root cause, and could be a backdoor intentionally planted into BitLocker. 'Now, why would I say this is a backdoor? The component that is responsible for this bug is not present anywhere (even on the internet) except inside WinRE image, and what makes it raise suspicions is the fact that the exact same component is also present with the exact same name in a normal Windows installation, but without the functional'"
Two zero-day vulnerabilities in Windows allow BitLocker to be bypassed and privileges to be escalated. BitLocker relies on the TPM for hardware-based protection of full-volume encryption. A proof-of-concept called YellowKey allows an attacker with physical access to a Windows 11 machine to gain unrestricted access to the storage volume. The exploit chain involves copying a proof-of-concept folder to a USB drive and using it to interact with the BitLocker-protected system, potentially by targeting the EFI partition. The attacker then reboots into the Windows Recovery Environment by using Shift-Restart, releases Shift, and holds Ctrl to spawn a command prompt with access to the protected volume. The underlying issue is described as a hidden vulnerability with no explicit root cause, raising suspicion that the responsible component present in WinRE is an intentionally planted backdoor.
Read at SecurityWeek