Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
Summary
Hide ▲
Show ▼
Microsoft issued mitigation guidance for YellowKey, a Windows BitLocker zero-day that can expose BitLocker-protected drives before the security update is available. The advisory matters because the flaw has a public proof-of-concept exploit and Microsoft is trying to reduce the risk of potential attacks in the meantime. The guidance includes hardening steps for already encrypted devices and systems that are not yet encrypted.
Related Happenings
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
Vulnerability
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
VulnerabilityAbout this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Windows BitLocker YellowKey security feature bypass (CVE-2026-45585)
Vulnerability
First: 20.05.2026 11:28
Last: 20.05.2026 11:28
Sources 1
About this happening:
**CVE-2026-45585** is a **BitLocker security feature bypass** affecting **Windows 11 26H1/24H2/25H2** and **Windows Server 2025**, and Microsoft has already issued **mitigations**...
Windows BitLocker YellowKey security feature bypass (CVE-2026-45585)
VulnerabilityAbout this happening: **CVE-2026-45585** is a **BitLocker security feature bypass** affecting **Windows 11 26H1/24H2/25H2** and **Windows Server 2025**, and Microsoft has already issued **mitigations**...
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
How related:
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives.
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Windows 11 BitLocker bypass YellowKey security flaw
VulnerabilityHow related: Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives.
About this happening: **YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Timeline
-
20.05.2026 10:31 2 articles · 7d ago
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Initial DisclosureFollowing public disclosure of **YellowKey** and a released **PoC exploit**, Microsoft assigned **CVE-2026-45585** and issued interim mitigations. The initial focus was preventing unauthorized access to **BitLocker-protected storage** until a security update could be delivered.
Show sources
- Microsoft shares mitigation for YellowKey Windows zero-day — www.bleepingcomputer.com — 20.05.2026 10:31
- Microsoft shares mitigation for YellowKey Windows zero-day — www.bleepingcomputer.com — 20.05.2026 10:31