Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Ravie LakshmananMay 20, 2026Vulnerability / Encryption

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week.

The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature bypass.

"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" the tech giant said in an advisory. "The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices."

The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation).

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Other newsrooms on this story

Related reading

Microsoft shares mitigation for YellowKey Windows zero-day

Other newsrooms on this story

Related reading

Microsoft shares mitigation for YellowKey Windows zero-day

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

Windows BitLocker zero-day gives access to protected drives, PoC released

BitLocker sotto attacco: Microsoft spiega come fermare YellowKey

Zero-Day Exploit Against Windows BitLocker - Schneier on Security

Zero-day exploit completely defeats default Windows 11 BitLocker protections