Trusted Platform Module

Winsage
May 15, 2026
Microsoft confirmed a BitLocker-related issue caused by the April 2026 Security Update (KB5083769) for Windows 11, which led some devices to boot into the BitLocker recovery screen. A fix has been released, but it is currently available only for Windows 11, version 25H2, with Windows 10 and Windows Server users awaiting a solution. Administrators are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy setting before installing the April 2026 update. Additionally, a security researcher named Chaotic Eclipse has developed a zero-day exploit called YellowKey, which can bypass BitLocker security using a USB stick, affecting Windows Server 2022 and 2025 but not Windows 10.
Winsage
May 15, 2026
A zero-day exploit named YellowKey allows individuals with physical access to Windows 11 systems to bypass BitLocker encryption protections. Discovered by researcher Nightmare-Eclipse, this vulnerability enables unauthorized users to access encrypted drives quickly. The exploit involves transferring a custom FsTx folder to a USB drive, connecting it to a BitLocker-protected device, and entering recovery mode to gain command prompt access without needing a BitLocker recovery key. Esteemed researchers Kevin Beaumont and Will Dormann have confirmed the exploit's functionality, although the specific mechanism within the FsTx folder that enables the bypass is not fully understood.
Winsage
May 13, 2026
A cybersecurity researcher known as Chaotic Eclipse has released proof-of-concept exploits for two unpatched vulnerabilities in Microsoft Windows: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege-escalation flaw. The YellowKey vulnerability affects Windows 11 and Windows Server 2022/2025, allowing unauthorized access to BitLocker-protected volumes by exploiting the Windows Recovery Environment. The exploit can be executed using specially crafted 'FsTx' files on a USB drive or directly on the EFI partition. Independent researcher Kevin Beaumont has validated the exploit, which can bypass BitLocker protections even in a Trusted Platform Module (TPM) environment. The GreenPlasma vulnerability allows unprivileged users to create arbitrary memory-section objects, potentially leading to privilege escalation. Chaotic Eclipse has expressed dissatisfaction with Microsoft's handling of bug reports, prompting the public disclosure of these vulnerabilities. Microsoft has stated its commitment to investigating security issues and updating affected devices.
Winsage
May 4, 2026
Windows holds a 93.47% share of users on Steam, but only 67.74% have upgraded to Windows 11 nearly five years after its launch, with 25.53% still using Windows 10. The adoption of Windows 11 has been hindered by the TPM 2.0 requirement and high hardware costs. Linux's share of Steam users decreased from 5% to 4.52%. Governments, including France, are considering alternatives to Windows.
Winsage
April 16, 2026
Microsoft announced that certain Windows Server 2025 devices may experience a BitLocker recovery prompt after installing the April 2026 KB5082063 Windows security update. The recovery mode will be triggered under specific conditions: BitLocker must be enabled on the operating system drive, the Group Policy for TPM validation must be configured with PCR7, the Secure Boot State PCR7 Binding must indicate "Not Possible," the Windows UEFI CA 2023 certificate must be in the Secure Boot Signature Database, and the device must not be using the 2023-signed Windows Boot Manager. Microsoft stated that this issue is unlikely to affect personal devices, as the configurations are mainly found in enterprise-managed systems. They are working on a resolution and recommend administrators remove the Group Policy configuration before deploying the update. If removal is not possible, applying a Known Issue Rollback (KIR) is advised to prevent triggering the recovery prompt. Microsoft has previously addressed similar BitLocker recovery prompt issues in May 2025, August 2024, and August 2022.
Winsage
March 30, 2026
Microsoft Teams and OneDrive are integral to Windows 11, enhancing productivity and collaboration. To run Windows 11, a dedicated Trusted Platform Module (TPM) 2.0 chip is essential for security features like device attestation and secure key storage. TPM 2.0 enables seamless sign-ins via Windows Hello and ensures that only secure devices can access sensitive data in Teams and OneDrive. BitLocker, which also uses TPM 2.0, protects data on lost or stolen devices. Modern processors from Intel, AMD, and Qualcomm use hybrid architecture, optimizing performance by allocating specialized cores for demanding tasks and energy-efficient processes. This configuration improves video conferencing in Teams and file operations in OneDrive. NVMe SSDs are standard in Windows 11 PCs, providing low latency and high bandwidth that enhance responsiveness, boot times, and multitasking. Fast SSDs reduce wait times for file sharing in Teams. Many Windows 11 PCs are Copilot+ PCs, equipped with a Neural Processing Unit (NPU) that enhances on-device AI capabilities. The NPU improves real-time transcription in Teams and simplifies document searches in OneDrive. Modern GPUs manage animations and display settings in Windows 11, improving video call efficiency in Teams and enhancing thumbnail generation and video playback in OneDrive. The latest Wi-Fi standards, including Wi-Fi 6, Wi-Fi 6E, and Wi-Fi 7, provide enhanced security and reliability. They ensure low latency and high throughput for seamless video conferencing in Teams and faster uploads and downloads in OneDrive.
Winsage
March 24, 2026
Windows 11 Pro, Enterprise, and Education editions include BitLocker, a tool that encrypts the system drive to protect against unauthorized access. BitLocker requires a 48-digit recovery key for access if the device is compromised. A Trusted Platform Module (TPM) chip is necessary for BitLocker to function, which is standard in most computers made in the last eight to nine years. To enable BitLocker, users must open File Explorer, right-click the system drive, select "Turn on BitLocker," back up the recovery key, choose the encryption portion, and run a system check to start the encryption process.
Winsage
March 4, 2026
Microsoft has been encouraging users to upgrade to Windows 11 since its launch in October 2021, employing tactics such as full-screen pop-up ads. Some users prefer Windows 10 because of Windows 11's hardware requirements and design issues. A user named 'djseifer' reported that their Windows 10 PC automatically upgraded to Windows 11 while they were away, despite declining previous upgrade prompts. Upon returning, they expressed dissatisfaction with the new interface, particularly the Start menu and centered taskbar. It is generally understood that Microsoft should not forcibly upgrade a user's operating system without consent, although the user may have inadvertently consented through prior agreements. Users can disable automatic updates to maintain their Windows 10 experience, but this may expose them to security vulnerabilities. Microsoft requires TPM 2.0 for Windows 11, complicating upgrades for unsupported hardware. Windows 10 will still be usable after Microsoft ends support on October 14, 2025, but users will face increased risks from cyber threats. Extended Security Updates (ESU) will provide limited security updates for a time.
Winsage
February 23, 2026
The author explored used and refurbished laptops for a testing lab, focusing on budget-friendly options, particularly those running Windows 10. Microsoft has ceased support for Windows 10, leaving users vulnerable to security risks compared to those using Windows 11. Many Windows 10 devices may not support an upgrade to Windows 11, making them less desirable despite their lower prices. Users are advised to consider the importance of security and check compatibility with Windows 11 before purchasing. Devices manufactured in the last five years are more likely to support the upgrade. Indicators that a computer may not support Windows 11 include being manufactured before 2019, having an older processor, running a version of Windows earlier than 10, or lacking support for Secure Boot, TPM, or UEFI. If a computer is kept offline, the operating system's importance is reduced, but this scenario is rare. The author recommends against purchasing Windows 10 devices, as refurbished Windows 11 models are only slightly more expensive and offer better security.
AppWizard
February 1, 2026
The presence of a "cheat community" in Rust has led to harassment of developers, prompting Facepunch to implement security measures similar to those in other games, including Secure Boot and Trusted Platform Module (TPM) requirements. Starting in March, server owners will have the option to allow connections only from players with Secure Boot and TPM 2.0 enabled, with plans to potentially make this mandatory. This decision is influenced by the effectiveness of invasive anti-cheat strategies, although it has faced mixed reactions from the community regarding accessibility and system upgrades. Facepunch has also decided against bringing Rust to Linux or Proton due to these evolving anti-cheat protocols.