Microsoft: Mitigation for BitLocker Bypass 'YellowKey' (CVE-2026-45585)

Colleagues, a cybersecurity alert: Microsoft has released a mitigation for the YellowKey vulnerability (CVE-2026-45585), which enables a BitLocker bypass.
Summary:
- Chaotic Eclipse: FsTx on USB/EFI + boot to WinRE — holding Ctrl launches a shell with access to the encrypted volume.
- Affects Windows 11 (24H2–26H1) and Windows Server 2025.
- Microsoft advises mounting WinRE, removing autofstx.exe from BootExecute, recreating the image and restoring BitLocker trust; moving from TPM-only to TPM+PIN is also recommended.
- For unprotected devices — enforce pre-boot additional authentication via Intune/GPO.
Why it matters: physical access can expose encrypted data when only TPM is used.
What measures will you implement?
#cybersecurity #BitLocker #Windows #vulnerabilities
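
To find the devices the TPM-only point applies to, here is an added audit example (not part of the original post or of Microsoft's guidance). It lists BitLocker volumes that have a plain TPM protector and no PIN-bearing one, and reads the Group Policy values for additional authentication at startup. The function names `Get-TpmOnlyVolume` and `Get-PreBootAuthPolicy` are hypothetical, and the script assumes the policy is delivered to the standard `HKLM:\SOFTWARE\Policies\Microsoft\FVE` key.

```powershell
#Requires -RunAsAdministrator
# Added audit example (not Microsoft's script): report TPM-only BitLocker volumes
# and whether a startup PIN is required by policy on this machine.

function Get-TpmOnlyVolume {
    # Returns volumes that carry a plain Tpm protector and no PIN-bearing protector.
    param([object[]]$Volume = (Get-BitLockerVolume))
    foreach ($v in $Volume) {
        $types  = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $hasPin = @($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' }).Count -gt 0
        if ($types -contains 'Tpm' -and -not $hasPin) {
            [pscustomobject]@{
                MountPoint = $v.MountPoint
                VolumeType = "$($v.VolumeType)"
                Protection = "$($v.ProtectionStatus)"
                Protectors = $types -join ','
            }
        }
    }
}

function Get-PreBootAuthPolicy {
    # Reads the "Require additional authentication at startup" policy values.
    # Assumed location: the Group Policy FVE key. In these values 1 means "require".
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PolicyPresent      = [bool]$p
        UseAdvancedStartup = $p.UseAdvancedStartup
        UseTPM             = $p.UseTPM
        UseTPMPIN          = $p.UseTPMPIN
        PinRequired        = ($p.UseAdvancedStartup -eq 1 -and $p.UseTPMPIN -eq 1)
    }
}

$tpmOnly = @(Get-TpmOnlyVolume)
$policy  = Get-PreBootAuthPolicy

$tpmOnly | Format-Table -AutoSize | Out-Host
$policy  | Format-List | Out-Host

if ($tpmOnly.Count -gt 0 -and -not $policy.PinRequired) {
    Write-Warning "$($tpmOnly.Count) volume(s) are TPM-only and no policy requires a startup PIN."
}
```

A device that shows up in the first table and has `PinRequired` set to `False` is one that still relies on the TPM alone at boot.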

