Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it

A HOT POTATO: A recently disclosed Windows vulnerability is drawing scrutiny for both its technical impact and the fallout between the researcher who exposed it and Microsoft. The situation has since expanded to include claims from the researcher that Microsoft ignored their reports and retaliated after the exploit was made public.

The issue centers on a zero-day exploit called "YellowKey," published earlier this month by a security researcher known as Chaotic Eclipse, also known online as Nightmare-Eclipse. The proof of concept demonstrates a method for accessing BitLocker-encrypted drives on Windows 11 using a USB device.

Notably, the researcher says the same method does not work on Windows 10, raising questions about differences in how the two operating systems handle disk encryption. Chaotic Eclipse said they could not identify any explanation for the behavior other than it being intentional.

BitLocker is widely used to secure data at rest, often tying disk encryption keys to the TPM and pre-boot integrity checks. A bypass that can be triggered externally suggests a weakness somewhere in the early boot chain or in how encryption keys are accessed during startup. While Microsoft has not published detailed technical information, the existence of a working exploit makes this a practical risk rather than a theoretical one.