Microsoft has released mitigations for YellowKey, a public zero-day exploit that can bypass BitLocker protection on Windows systems with physical access. The flaw, tracked as CVE-2026-45585, allows an attacker using a USB drive and recovery mode to spawn a shell and access encrypted data. #YellowKey #CVE-2026-45585 #BitLocker #WinRE
Keypoints
- Microsoft issued mitigations for the YellowKey zero-day flaw.
- CVE-2026-45585 can bypass BitLocker on affected systems.
- An attacker needs physical access and a USB drive with exploit code.
- The exploit can force WinRE to open a shell instead of recovery mode.
- Microsoft recommends updating WinRE and adding a BitLocker PIN.
Read More: https://www.securityweek.com/microsoft-rolls-out-mitigations-for-yellowkey-bitlocker-bypass/