Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
Summary
YellowKey is a Windows BitLocker security feature bypass tracked as CVE-2026-45585 that can expose BitLocker-protected drives through the Windows Recovery Environment (WinRE) path. Microsoft has issued mitigation guidance after the proof of concept was made public, including removing autofstx.exe from the BootExecute registry value and moving already encrypted devices from TPM-only to TPM+PIN. The disclosed technique uses crafted FsTx files on a USB drive or EFI partition to reach a shell with unrestricted access to the protected storage volume.
Related Happenings
Windows BitLocker YellowKey security feature bypass (CVE-2026-45585)
Vulnerability
First: 20.05.2026 11:28
Last: 20.05.2026 11:28
Sources 1
About this happening:
**CVE-2026-45585** is a **BitLocker security feature bypass** affecting **Windows 11 26H1/24H2/25H2** and **Windows Server 2025**, and Microsoft has already issued **mitigations**...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
How related:
"We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available."
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw
Vulnerability
First: 18.05.2026 07:59
Last: 18.05.2026 07:59
Sources 1
About this happening:
**MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...
Windows cldflt.sys privilege escalation (CVE-2020-17103)
Vulnerability
First: 18.05.2026 01:30
Last: 18.05.2026 01:30
Sources 1
About this happening:
A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Azure Backup for AKS privilege escalation flaw
Vulnerability
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...
Timeline
-
20.05.2026 10:31 1 article · 7d ago
Microsoft shares YellowKey mitigation guidance
Mitigation Patch Update
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
- Microsoft shares mitigation for YellowKey Windows zero-day — www.bleepingcomputer.com — 20.05.2026 10:31
-
14.05.2026 10:27 1 article · 13d ago
Chaotic Eclipse publicly discloses YellowKey and GreenPlasma
Initial Disclosure
Chaotic Eclipse and Nightmare Eclipse publicly release proof-of-concept code for YellowKey, a Windows 11 BitLocker bypass that can expose the protected storage volume, and GreenPlasma, a separate Windows zero-day that can elevate privileges to System.
- Researcher Drops YellowKey, GreenPlasma Windows Zero-Days — www.securityweek.com — 14.05.2026 10:27
-
14.05.2026 10:27 3 articles · 13d ago
Researchers validate YellowKey on recent Windows 11 builds
Technical Analysis Update
Independent testers including Kevin Beaumont, KevTheHermit, Will Dormann, and JaGoTu confirm YellowKey works against recent Windows 11 builds, and TPM PIN-protected devices may also be affected depending on the WinRE implementation. The exploit path can begin with a USB drive or EFI partition and then use Windows Recovery Environment (WinRE) to reach a command prompt that exposes the protected volume.
- Researcher Drops YellowKey, GreenPlasma Windows Zero-Days — www.securityweek.com — 14.05.2026 10:27
- Windows BitLocker zero-day gives access to protected drives, PoC released — www.bleepingcomputer.com — 13.05.2026 19:37