security feature Archives

Winsage

May 28, 2026

“I have proof for every single word”: This security researcher’s GitHub and Microsoft accounts were deleted after claiming a Windows 11 exploit in BitLocker is by design

A zero-day exploit named YellowKey was revealed by a researcher known as "Chaotic Eclipse" or Nightmare-Eclipse, which allows access to BitLocker-protected drives on Windows 11 using a USB key. Microsoft acknowledged the vulnerability, tracked as CVE-2026-45585, and provided mitigation strategies. The researcher expressed frustration over Microsoft's handling of the situation, including the banning of their GitHub account and lack of communication regarding unpaid bounties from Microsoft's MSRC program, which offers rewards for reporting vulnerabilities. Nightmare-Eclipse hinted at having evidence to support their claims and indicated plans to release documents related to the issue.

Winsage

May 26, 2026

FAQ: What you need to know about expiring Windows Secure Boot certificates

Secure Boot is a security mechanism that authenticates firmware-based software through trusted certificates during the startup process of Windows, preventing unauthorized code execution. It is part of the UEFI firmware standard and was introduced in 2011 to allow only verified, signed code to run at startup. Microsoft first implemented Secure Boot certificates in 2011 as an optional feature in Windows 8, and it remained optional in Windows 10. However, it became a mandatory requirement with the launch of Windows 11 in 2021, indicating the widespread adoption of UEFI systems.

Winsage

May 26, 2026

Why Hyper-V Breaks Emulators on Windows 11 (And the Fix)

Enabling Hyper-V on Windows 11 can cause applications like BlueStacks or VirtualBox to lag or fail to launch due to conflicts with CPU virtualization extensions (VT-x/AMD-V). Hyper-V is a Type-1 hypervisor that monopolizes these resources, preventing Type-2 hypervisors from accessing them directly. Common issues include error messages from BlueStacks, LDPlayer, VirtualBox, VMware, and Android Studio related to virtualization availability. To check if Hyper-V is enabled, users can use Task Manager, System Information, Windows Features, Command Prompt, or PowerShell. Disabling Hyper-V can be done through various methods, including unchecking it in Windows Features, using PowerShell, the bcdedit command, or modifying BIOS settings. However, disabling Hyper-V also stops functionalities like WSL2 and Memory Integrity. Some modern emulators, such as BlueStacks and VMware Workstation Pro, have adapted to work alongside Hyper-V, while VirtualBox's compatibility remains experimental. For optimal emulator performance, users should allocate appropriate CPU cores and RAM, ensure virtualization is enabled in BIOS, enable GPU acceleration, and set the Windows power plan to "Best performance." If issues persist, users should confirm Hyper-V is off, check BIOS settings, and reset emulator configurations.

AppWizard

May 23, 2026

“Congrats to the owners of a brand new $6k paperweight”: Valorant dev Riot makes players think Vanguard anti-cheat will brick their PCs, causing uproar — here’s what’s really happening

Valorant's anti-cheat system, Vanguard, has been controversial due to its interference with DMA firmware devices, which are used to cheat in the game. Riot Games posted a message suggesting that Vanguard was making these devices unusable, leading to backlash from the gaming community. Riot clarified that Vanguard does not damage hardware or disable devices but prevents DMA cheat devices from functioning while IOMMU protections are enabled. Players not using DMA devices are not affected. The situation has sparked debate about the balance between anti-cheat measures and their impact on hardware.

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Winsage

May 22, 2026

Microsoft says public sharing of Windows 11 vulnerability violates ‘best practices’

A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."

Winsage

May 20, 2026

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REGMULTISZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.

Winsage

May 15, 2026

Microsoft fixes a major BitLocker bug… but leaves Windows 10 users hanging (for now)

Microsoft confirmed a BitLocker-related issue caused by the April 2026 Security Update (KB5083769) for Windows 11, which led some devices to boot into the BitLocker recovery screen. A fix has been released, but it is currently available only for Windows 11, version 25H2, with Windows 10 and Windows Server users awaiting a solution. Administrators are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting before installing the April 2026 update. Additionally, a security researcher named Chaotic Eclipse has developed a zero-day exploit called YellowKey, which can bypass BitLocker security using a USB stick, affecting Windows Server 2022 and 2025 but not Windows 10.

AppWizard

May 12, 2026

Android Apps on Windows 11: Safe Alternatives After WSA

In 2025, Microsoft announced it would discontinue support for the Windows Subsystem for Android (WSA), making Android applications non-functional on Windows 11. This decision surprised many users in Indonesia who relied on these applications. HP developed a guide outlining secure alternatives to WSA, which included reputable Android emulators like BlueStacks, LDPlayer, and NoxPlayer, as well as native Windows alternatives such as Microsoft Teams and Microsoft 365 apps. Users were advised against unverified APK sideloading, unofficial emulators, and modified apps due to security risks. Microsoft’s end of support means no further security updates or bug fixes will be provided, and integration with the Amazon Appstore will cease. Users can continue using WSA apps, but they will be exposed to potential security threats. To migrate data from WSA, users were instructed to inventory apps, research alternatives, and export app data before performing a clean uninstall. Best practices for running Android apps safely on Windows included downloading from official sources and keeping software updated.

Winsage

May 8, 2026

Windows update is breaking backups, and here’s how you can fix it

A recent Windows update, KB5083769, released on April 14, 2026, blocks the psmounterex.sys driver, disrupting the functionality of third-party backup software like Acronis Cyber Protect Cloud, Macrium Reflect, and NinjaOne. This driver is essential for loading and mounting backup storage images. Users may encounter errors related to Microsoft VSS during backup attempts. The update is a security enhancement, not a bug, and users are advised to upgrade their backup software to versions that use a newer driver or temporarily uninstall the KB5083769 update. It is recommended to check for updates from the backup software provider and pause Windows Updates to prevent automatic reinstallation of the problematic update until a fix is available.