Microsoft patches YellowKey BitLocker vulnerability CVE-2026-45585
Mitigation Released for Critical BitLocker Bypass Flaw
A recently disclosed vulnerability in BitLocker, the disk encryption feature integrated into Windows, has sparked concerns among users and security experts alike.
Vulnerability Details
- The vulnerability, dubbed CVE-2026-45585, also known as “YellowKey,” allows attackers to access user data stored on compromised devices, even when protected by BitLocker.
- The vulnerability was discovered by a security researcher going by the handle “Nightmare Eclipse.”
- The vulnerability can only be exploited through physical access to a vulnerable device.
According to the National Cyber Security Centre of the Netherlands, the vulnerability lies not within the encryption itself but rather in the way BitLocker handles its recovery environment.
PoC Exploit Published
- Nightmare Eclipse has published a proof-of-concept (PoC) exploit that demonstrates the ease with which an attacker could leverage this vulnerability.
- The PoC exploit has raised alarms, as it shows how the vulnerability can be used to bypass BitLocker’s protections.
Mitigation Options
- Microsoft has released guidance for mitigating the YellowKey vulnerability.
- Users have two options to choose from:
  - Removing the vulnerable file (autofstx.exe) from the mounted Windows Recovery Environment (Windows RE) image hive and reestablishing BitLocker trust for WinRE;
  - Adding a PIN to the BitLocker protection.
The first option appears to be effective, since the FsTx Auto Recovery Utility (autofstx.exe) is present on affected systems; however, Nightmare Eclipse has hinted at possessing a PoC exploit capable of bypassing even this enhanced protection.
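The two mitigation options above, as an added PowerShell helper that is not Microsoft's guidance script and not code from the article or the researcher. It makes three labelled assumptions: that the vulnerable file sits at Windows\System32\autofstx.exe inside the WinRE image (the article names only the file, not its path), that the image is at its default location once WinRE is disabled with reagentc, and that the standard reagentc /disable, service, reagentc /enable sequence is what re-registers the modified image so BitLocker can re-establish trust in WinRE. It refuses to touch key protectors unless a recovery password protector already exists on the volume.

```powershell
#Requires -RunAsAdministrator
# Added mitigation helper for the two options described above (not Microsoft's
# script, not the article's code). Labelled assumptions:
#  - the vulnerable file is at Windows\System32\autofstx.exe inside the WinRE image;
#  - the WinRE image is at its default path after "reagentc /disable";
#  - reagentc /disable -> edit image -> reagentc /enable re-registers the image
#    so BitLocker can re-establish trust in WinRE.
param(
    [string]$OsDrive   = 'C:',
    [string]$WinReWim  = 'C:\Windows\System32\Recovery\Winre.wim',
    [string]$MountDir  = 'C:\WinRE_mount',
    [string]$TargetRel = 'Windows\System32\autofstx.exe',  # assumed in-image path
    [switch]$AddPin                                        # also apply option 2
)

function Invoke-Checked {
    # Run an external tool and fail loudly on a non-zero exit code.
    param([string]$Exe, [string[]]$ArgumentList)
    & $Exe @ArgumentList
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ArgumentList -join ' ') failed (exit $LASTEXITCODE)" }
}

function Confirm-RecoveryPassword {
    # Never change protectors without a recovery password already escrowed.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    if (-not ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')) {
        throw "No recovery password protector on $OsDrive; add and back one up first."
    }
}

function Remove-VulnerableFileFromWinRE {
    # Option 1: take WinRE offline, mount the image, delete the file, commit, re-enable.
    Invoke-Checked 'reagentc.exe' @('/disable')
    if (-not (Test-Path $WinReWim)) { throw "WinRE image not found at $WinReWim" }
    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    Invoke-Checked 'dism.exe' @('/Mount-Image', "/ImageFile:$WinReWim", '/Index:1', "/MountDir:$MountDir")
    try {
        $target = Join-Path $MountDir $TargetRel
        if (Test-Path $target) {
            # Files in the image are owned by TrustedInstaller; take ownership first.
            # S-1-5-32-544 is the built-in Administrators group (language-independent).
            Invoke-Checked 'takeown.exe' @('/F', $target, '/A')
            Invoke-Checked 'icacls.exe'  @($target, '/grant', '*S-1-5-32-544:F')
            Remove-Item -Path $target -Force
            Write-Host "Removed $TargetRel from WinRE image"
        } else {
            Write-Host "$TargetRel not present in image (already removed, or the assumed path is wrong)"
        }
        Invoke-Checked 'dism.exe' @('/Unmount-Image', "/MountDir:$MountDir", '/Commit')
    } catch {
        # Never leave a half-edited image mounted: discard changes and re-throw.
        & dism.exe /Unmount-Image /MountDir:$MountDir /Discard | Out-Null
        throw
    }
    Invoke-Checked 'reagentc.exe' @('/enable')
}

function Add-TpmPinProtector {
    # Option 2: require a PIN in addition to the TPM at boot.
    param([Parameter(Mandatory)][securestring]$Pin)
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    # Local policy must permit TPM+PIN: UseAdvancedStartup=1, UseTPMPIN=1 (require).
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN -Value 1 -Type DWord
    Add-BitLockerKeyProtector -MountPoint $OsDrive -TpmAndPinProtector -Pin $Pin | Out-Null
    # A TPM-only protector left behind would still unlock the disk without the PIN.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    foreach ($p in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Remove-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
}

Confirm-RecoveryPassword
Remove-VulnerableFileFromWinRE
if ($AddPin) { Add-TpmPinProtector -Pin (Read-Host -AsSecureString 'New BitLocker PIN') }
# Show the resulting state so the change can be verified and recorded.
Get-BitLockerVolume -MountPoint $OsDrive | Select-Object MountPoint, ProtectionStatus, KeyProtector
reagentc.exe /info
```

Run it from an elevated PowerShell session on a test machine first; `-AddPin` applies the second option as well as the first. The policy values written to HKLM\SOFTWARE\Policies\Microsoft\FVE are overwritten by domain Group Policy on the next refresh, so in a managed environment set the equivalent "Require additional authentication at startup" policy centrally rather than relying on the local keys.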
Recommendations
- This incident highlights the importance of vigilance and proactive measures in addressing vulnerabilities like CVE-2026-45585.
- Users are advised to take immediate action to mitigate this vulnerability and ensure the continued security of their data.
- Organizations should reassess their security protocols and consider implementing additional safeguards to prevent similar attacks in the future.