Microsoft Mitigates YellowKey BitLocker Bypass (CVE‑2026‑45585) Reducing Drive Decryption Risk
What It Is – Microsoft disclosed a zero‑day vulnerability in BitLocker, dubbed YellowKey, tracked as CVE‑2026‑45585. The flaw allows an attacker with local system access to bypass BitLocker’s encryption protections and potentially read or modify data on protected drives.
Exploitability – A proof‑of‑concept has been publicly released, but no evidence of widespread active exploitation has surfaced. The vulnerability carries a CVSS 3.1 base score of 6.8 (Moderate). Microsoft issued a mitigation update the same day the flaw was disclosed.
Affected Products – Windows 10, Windows 11, and Windows Server editions that include BitLocker (all current and supported releases).
TPRM Impact – Organizations that rely on BitLocker for data‑at‑rest protection face a supply‑chain risk: a compromised third‑party device or a malicious insider could extract encrypted data without the encryption key. Managed Service Providers (MSPs) and cloud‑hosted workloads that inherit BitLocker settings from customer images are also exposed.
Recommended Actions –
- Deploy Microsoft’s mitigation update (KB XXXXX) immediately on all Windows endpoints using BitLocker.
- Verify that BitLocker policies enforce TPM‑only key storage and disable legacy USB boot options.
- Conduct a rapid inventory of devices that have BitLocker enabled and confirm they are patched.
- Review third‑party vendor contracts for clauses requiring timely security updates on encryption tools.
- Consider supplemental encryption layers (e.g., file‑level encryption) for highly sensitive data until full remediation is confirmed.
Source: The Hacker News