Microsoft is working on a patch for 'YellowKey' attack on Bitlocker, offers temporary fix

newsMay 20, 20264 mins

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available.

The company issued an advisory Tuesday saying that companies should act to mitigate the issue, tracked as CVE-2026-45585, while it examines the possibility of a patch. In its advisory, it provided the immediate steps that companies should take. A key defense against possible attack is to limit access to vulnerable devices, as physical access is required for exploit.

“Organizations should start by auditing their environment for the conditions that exist that leave them vulnerable to YellowKey,” said Eric Grenier, senior director analyst at Gartner. “They should also have a clear understanding of their risk acceptance in the case of a lost/stolen device and, based on that acceptance (or non-acceptance), follow the steps such as customizing Secure Boot and ensuring firmware and Boot integrity.” .

Karl Fosaaen, VP of research at cybersecurity company NetSPI, agreed. “Since this vulnerability requires physical access to exploit, organizations should be focusing on the physical security controls around their Windows devices,” he said. “Having strong policies and controls around physical access to devices is a good first step in helping protect the potentially vulnerable devices. If there are additional concerns about attackers being able to gain access to files on the system, organizations can look at limiting the data that they allow users to store locally.”