USB Archives

Winsage

May 28, 2026

“I have proof for every single word”: This security researcher’s GitHub and Microsoft accounts were deleted after claiming a Windows 11 exploit in BitLocker is by design

A zero-day exploit named YellowKey was revealed by a researcher known as "Chaotic Eclipse" or Nightmare-Eclipse, which allows access to BitLocker-protected drives on Windows 11 using a USB key. Microsoft acknowledged the vulnerability, tracked as CVE-2026-45585, and provided mitigation strategies. The researcher expressed frustration over Microsoft's handling of the situation, including the banning of their GitHub account and lack of communication regarding unpaid bounties from Microsoft's MSRC program, which offers rewards for reporting vulnerabilities. Nightmare-Eclipse hinted at having evidence to support their claims and indicated plans to release documents related to the issue.

Winsage

May 26, 2026

A recent HP laptop BIOS bug is leaving high-end Windows 11 PCs stuck in an endless BitLocker recovery loop

HP laptop owners, especially those with EliteBooks, ProBooks, and ZBook workstations, are experiencing issues after a recent BIOS firmware update via Windows Update, leading to system freezes and Blue Screen of Death errors. HP has acknowledged the problem and is investigating it, noting that Microsoft’s 2023 certificates may not apply correctly during this issue. Users are advised to check the UEFICA2023Status and UEFICA2023Error registry values to assess the update process. If the UEFICA2023Status is "In Progress" for too long and UEFICA2023Error is greater than 0, the update has failed. HP recommends disabling automatic updates to avoid the problematic BIOS update and has provided a manual workaround for the BitLocker Recovery loop. Users can also revert to a stable BIOS version, though this may be challenging and may require specific hardware.

Winsage

May 25, 2026

Windows 11 New Build Adds Screen Tint, Voice Isolation, and Plug-and-Play Braille Display Support

Microsoft has released the Windows 11 Insider Experimental Preview Build 26300.8497, introducing new accessibility features including a Screen Tint option, Voice Isolation in Voice Access, and upgrades to Magnifier and Narrator. The Screen Tint setting allows users to apply a color overlay to reduce screen brightness, beneficial for those with eye strain. It can be accessed in the Settings menu under Accessibility and operates independently of the Night Light feature. The update also enhances Narrator by adding support for plug-and-play braille displays that comply with the HID standard, allowing immediate connection via USB without additional drivers. Compatible braille models include Orbit Reader 20, Orbit Slate 340, Freedom Scientific Focus 40, and APH Mantis Q40. The build addresses several bugs, including a crash in explorer.exe, duplicate Energy Saver quick settings, and issues with audio muting on certain devices. Build 26300.8497 is being rolled out to the Windows 11 Insider Experimental channel, with no announcement yet on availability for the broader user base.

Winsage

May 25, 2026

Use Tiny11 to Rescue a Computer Running Windows 10

Microsoft has ended official updates and security patches for Windows 10, raising security concerns for users. Tiny11, an unofficial and streamlined version of Windows 11, serves as an alternative for those unable to upgrade due to hardware limitations. Tiny11 reduces bloat by removing preinstalled applications but lacks regular updates and robust security protections. A valid Windows 11 license key is required to use Tiny11. Users can obtain a Tiny11 ISO by downloading it from the Internet Archive or creating their own using a script from the Tiny11 GitHub page alongside an official Windows 11 ISO. To create a bootable USB drive for installation, users need at least an 8 GB USB drive and a program like Rufus.

AppWizard

May 25, 2026

Monitor live traffic from V2X signals with V2X2MAP open-source Android app and an ESP32-C5 development board

The OpenTrafficMap initiative has introduced the ESP32-C5 C-ITS receiver board, which uses 802.11p / ITS-G5 V2X communication over the 5.9 GHz WiFi 6 spectrum for traffic management. Peter Holzhauser has forked the firmware for this receiver and ported it to the Waveshare ESP32-C5-WIFI6-KIT development board, adding Bluetooth Low Energy (BLE) streaming capabilities. He also developed the V2X2MAP open-source Android app to interface with the board, allowing users to monitor live traffic and visualize detected nodes on the OpenTrafficMap website. The ESP32-C5 C-ITS receiver board includes an ESP32-C5-WROOM-1 module, a GPS module, and an Ethernet port with Power over Ethernet (PoE). The V2X2MAP app captures signals from vehicles' on-board units (OBUs) and roadside units (RSUs) on the 5.9 GHz V2X band, collecting data such as GPS coordinates, speed, hazard alerts, traffic light countdowns, and intersection geometry. The app can update maps offline and refresh data via MQTT. The source code for the firmware and the V2X2MAP app is available on GitHub under an MIT license. The firmware has been adapted for the Waveshare ESP32-C5-WIFI6-KIT, which is available for purchase online. Users are cautioned about legal considerations regarding the reception and forwarding of ITS-G5 radio data, particularly concerning GDPR compliance in Europe. The ITS-G5 standard is primarily used in Europe, while other regions may rely on C-V2X technology.

Winsage

May 25, 2026

Windows zero-days expose gaps in built-in security protections

Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, have been identified. YellowKey targets the Windows Recovery Environment (WinRE) on Windows 11 and Windows Server 2025, allowing attackers with physical access to bypass BitLocker protections using a USB device. GreenPlasma affects Windows 10, Windows 11, and Windows Server environments with active Collaborative Translation Framework Monitor (CTFMON) sessions, enabling local privilege escalation from a standard user account to SYSTEM-level privileges. Both vulnerabilities require either physical or local access to exploit. Microsoft has not yet released patches for these vulnerabilities, prompting organizations to enhance their security measures and operational resilience. Recommendations include reassessing physical security, limiting local administrative access, and implementing multifactor authentication and robust credential management practices.

AppWizard

May 23, 2026

Retro enthusiast injects Snake game into vintage S3 graphics card VBIOS — enjoy some serpentum fun while your old PC boots

A retro PC enthusiast modified the VBIOS of an S3 ViRGE DX graphics card to include a version of the classic game Snake, allowing users to play it briefly during system boot. This project, by the YouTube channel Bits und Bolts, involved embedding Snake 512, a compact game written in x86 assembly language. The modification includes a dynamic text splash screen displaying the GPU's operating frequency and prompts users to play Snake or skip to the boot process. The implementation does not support USB keyboards and has no sound during gameplay. The enthusiast also customized the game's colors using hexadecimal values from the VGA color palette.

Winsage

May 23, 2026

CVE-2026-45585: YellowKey BitLocker Bypass

BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.

Winsage

May 23, 2026

Announcing new builds for 22 May 2026

The Windows Insider Program is rolling out changes across various channels, with new builds of Windows 11 Insider Preview available. The transition for devices in the Canary 29500 Series Channel to the new experience has not yet begun. New features include: 1. Screen Tint: An accessibility feature that applies a color overlay to reduce screen intensity. 2. Narrator: Enhanced support for HID-compatible braille displays, allowing for plug-and-play functionality via USB or Bluetooth. 3. Voice Isolation in Voice Access: A feature that improves voice recognition by filtering out background noise, processing occurs privately on the device.

Winsage

May 22, 2026

Microsoft says public sharing of Windows 11 vulnerability violates ‘best practices’

A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."