3 verified briefings on Bitlocker. Each story includes a plain-English summary, why it matters, and the concrete action engineering teams should take.
A new vulnerability called YellowKey allows attackers with access to a Windows device to bypass Bitlocker encryption and access files. Microsoft is working on a permanent patch for the flaw (CVE-2026-45585) and has released temporary mitigation steps for companies to implement immediately.
Microsoft has released a mitigation for a BitLocker security bypass vulnerability known as "YellowKey." The zero-day flaw, tracked as CVE-2026-45585, was publicly disclosed last week and carries a CVSS score of 6.8, affecting the Windows disk encryption feature.
A new exploit called YellowKey can bypass Windows 11's BitLocker full-disk encryption. Published by a security researcher, the attack works on default deployments but requires direct physical access to the target computer. The vulnerability affects systems that use a TPM to store decryption keys.