BitLocker Archives

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Winsage

May 22, 2026

Microsoft says public sharing of Windows 11 vulnerability violates ‘best practices’

A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

Winsage

May 20, 2026

Did you know you can get Microsoft Office and Windows 11 Pro for life for only $26

Lifetime licenses for Windows 11 Pro and Microsoft Office Plus 2019 are available for .99, reduced from the regular price of 9.99. The Office 2019 Professional Plus suite includes Word, Excel, PowerPoint, Outlook, OneNote, Publisher, and Access, designed for installation on a single Windows PC and allowing offline use without ongoing payments. Windows 11 Pro features enhanced snap layouts, virtual desktops, robust security with BitLocker encryption, TPM 2.0, Windows Hello, Smart App Control, Hyper-V for virtual machines, and Windows Sandbox for secure testing. Both licenses are permanent, device-linked, and verified through Microsoft’s partner program.

Winsage

May 20, 2026

How To Mitigate The Microsoft Windows BitLocker ‘Angry Hacker’ 0-Day

Microsoft is addressing a zero-day exploit known as YellowKey, identified as CVE-2026-45585, which allows attackers to bypass BitLocker security using a specially crafted USB device. Following the release of exploit code by a hacker named Chaotic Eclipse, Microsoft has issued urgent mitigation advice. Cybersecurity expert Neena Sharma recommends treating this as an active threat and suggests implementing compensating controls, such as restricting USB boot access, until a patch is available. Microsoft has provided guidance for users to protect their systems, including the recommendation to add a PIN to BitLocker protection to reduce the risk of exploitation. Detailed instructions for adding a PIN are included in the advisory. YellowKey has not yet been exploited in the wild but requires physical access to the device.

Winsage

May 20, 2026

You Can Get Windows 11 Pro on Sale for A$13 Right Now

Windows 11 Pro is currently available for a reduced price of A, down from A8. It includes features such as Windows Copilot, remote desktop access, TPM 2.0, Smart App Control, biometric login, BitLocker encryption, Azure Active Directory integration, Hyper-V, and Windows Sandbox. Minimum system requirements are a 1GHz processor, 4GB of RAM, and 64GB of hard disk space. The offer is provided by a trusted Microsoft partner and may change soon.

Winsage

May 18, 2026

Switcher 2026: Minimizing the Microsoft in Windows 11 ⭐

Many users of Windows 11 seek to minimize reliance on Microsoft products while still utilizing the operating system's capabilities. This can be achieved through a thoughtful configuration of the system. Two laptops, the Surface Laptop 7 (Windows 11 Pro) and the HP OmniBook 5 (Windows 11 Home), were reset using the "Reset this PC" feature for a clean setup. A local account can be created during the Out of Box Experience (OOBE) by bypassing the online requirement. After connecting to Wi-Fi, updates were installed, and account security was enhanced by adding a password, PIN, and facial recognition. For Windows 11 Pro users, BitLocker can be enabled for disk encryption, while Windows 11 Home users may need to upgrade to Pro for this feature. Unnecessary Microsoft applications, such as OneDrive, OneNote, and Microsoft 365, were uninstalled, and the Start menu was cleaned up. Preferred applications were installed using web-based methods and the Windows Package Manager (winget). A preferred web browser was set as the default, and measures were taken to prevent Microsoft Edge from launching unexpectedly. OneDrive was uninstalled in favor of an alternative cloud storage client, and File Explorer was configured to improve usability. The Copilot key was repurposed to avoid accidental activation, and optional diagnostic data transmission was disabled to enhance privacy. Additional configurations included removing unnecessary taskbar items and adjusting power settings for a more personalized experience.

Winsage

May 18, 2026

Microsoft confirms Windows 11 security update install issues

Microsoft has acknowledged a significant issue with the May 2026 Windows 11 security update, KB5089549, where users are encountering difficulties in installation, specifically the 0x800f0922 error code. This issue is primarily due to insufficient free space on the EFI System Partition (ESP), especially for devices with 10 MB or less available. The installation may fail during the reboot phase at around 35–36% completion, with users receiving notifications like "Something didn't go as planned. Undoing changes." Log entries may indicate insufficient ESP free space, such as "SpaceCheck: Insufficient free space" and "ServicingBootFiles failed. Error = 0x70." Microsoft recommends affected users utilize the Known Issue Rollback feature to reverse problematic updates and advises IT departments to install and configure the relevant Group Policy to address the issue.

Winsage

May 17, 2026

New Windows ‘MiniPlasma’ zero-day exploit gives SYSTEM access, PoC released

A cybersecurity researcher, known as Chaotic Eclipse, has released a proof-of-concept exploit for a Windows privilege escalation zero-day vulnerability called "MiniPlasma," which allows attackers to gain SYSTEM privileges on fully patched Windows systems. The vulnerability affects the cldflt.sys Cloud Filter driver and was reported by Google Project Zero in September 2020, assigned the identifier CVE-2020-17103, and claimed to be resolved by Microsoft in December 2020. However, Chaotic Eclipse asserts that the vulnerability remains unpatched. Testing confirmed that the exploit works on Windows 11 Pro, enabling command prompt access with SYSTEM privileges from a standard user account. Will Dormann, a vulnerability analyst, verified the exploit's effectiveness but noted it did not work in the latest Windows 11 Insider Preview Canary build. The exploit leverages the undocumented CfAbortHydration API to manage registry key creation improperly. Chaotic Eclipse has previously disclosed other Windows zero-day vulnerabilities and claims their actions are a protest against Microsoft's handling of vulnerabilities.

Winsage

May 17, 2026

Switch to Windows 11 Pro for $10 and get serious security, speed, and focus tools

Microsoft Windows 11 Pro is available for a limited time at a promotional price of .97, reduced from the standard retail price of 9, until May 31. The operating system features a redesigned interface for enhanced user experience, including snap layouts, virtual desktops, and rapid search tools. It offers robust security with features like BitLocker encryption, Windows Hello biometric login, and TPM 2.0 compatibility. Additionally, it includes Windows AI Copilot for task automation and idea brainstorming, making it beneficial for various users such as developers and small business owners.