A security researcher going by the GitHub handle Nightmare-Eclipse disclosed a potentially nasty BitLocker bypass in Windows 11 earlier this month. Dubbed YellowKey, the exploit allows an attacker to read the contents of a BitLocker-encrypted drive by abusing standard behavior of the Windows Recovery Environment.
Nightmare-Eclipse adds that, as far as their testing is concerned, the vulnerability only appears to be present in Windows 11. The security researcher describes it as "one of the most insane discoveries I ever found."
This week Microsoft acknowledged the vulnerability, and criticised the public sharing of the YellowKey proof of concept, saying this violates "coordinated vulnerability best practices." The company has since designated the vulnerability CVE-2026-45585, and provided some mitigation guidance, but the BitLocker bypass remains unpatched at time of writing. That said, the fact this attack requires physical access to...

