Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives.
The security flaw was disclosed last week by an anonymous security researcher known as 'Nightmare Eclipse,' who described it as a backdoor and published a proof-of-concept (PoC) exploit.
Nightmare Eclipse said that exploiting this zero-day involves placing specially crafted 'FsTx' files on a USB drive or EFI partition, rebooting into the Windows Recovery Environment (WinRE), and then holding down the CTRL key to trigger a shell with unrestricted access to the BitLocker-protected storage volume.
Last month, the same researcher also disclosed the BlueHammer (CVE-2026-33825) and RedSun (no identifier) local privilege escalation (LPE) zero-day flaws, both of which are now being exploited in attacks.
The researcher also leaked GreenPlasma, a zero-day privilege-escalation security issue that attackers can abuse to obtain a SYSTEM shell, and UnDefend, another zero-day that attackers with standard user permissions can exploit to block Microsoft Defender definition updates.













