[email protected]13h ago

If I understand this correctly every past and present theft of a windows notebook that contains PII encrypted with #bitlocker got a potential „upgrade“ regarding #gdpr.

#yellowKey

https://cyberplace.social/@GossiTheDog/116605854300742081

Kevin Beaumont (@[email protected])

Microsoft have issued a CVE for the YellowKey BitLocker bypass and provided mitigation advice - CVE-2026-45585 My take - mitigations too fiddly to actually deploy, BitLocker+PIN and BIOS password mitigates and should be used if you are sensitive to BitLocker bypass threats. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585

Cyberplace
Winbuzzer1d ago

https://winbuzzer.com/2026/06/01/github-ban-escalates-microsofts-yellowkey-dispute-xcxwbn/

GitHub appears to have banned the security researcher behind the YellowKey BitLocker exploit reveal, widening Microsoft's fight over public disclosures.

#GitHub #YellowKey #Microsoft #BitLocker #Windows11 #ZeroDay #Exploits #WindowsSecurity #Cybersecurity

Show threadM Schommer4d ago

@bjoern
Es scheint noch viel schlimmer zu sein: Das was über #YellowKey bekannt geworden ist sieht sehr viel mehr wie eine #Backdoor in #Bitlocker aus als eine versehentlich gevibete Schwachstelle...

@heiseonline

M Schommer4d ago
Wenn ihr euch bisher darauf verlassen habt dass eure Festplatten dank #Bitlocker verschlüsselt und eure Daten felsenfest geschützt sind... Nope. #YellowKey sieht nicht aus wie ein Bug, sondern wie eine absichtlich eingebaute #Backdoor.
Show threadM Schommer5d ago
@natesubra
I just skimmed over that #YellowKey thing. But the way I understand it... well: I don't know whether a responsible way to disclose such a blatantly backdoor-looking vulnerability even exists.
@GossiTheDog
robrichMay 26
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
YellowKey Bypasses BitLocker on Windows 11 Using Nothing But a Folder on a USB Stick

A folder on a USB stick bypasses BitLocker on Windows 11. No password required. YellowKey is an unpatched zero-day with no CVE assigned by Microsoft.

HackingPassion.com : [email protected][~]
CycloneMay 23

YellowKey: BitLocker Bypass or Backdoor

YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.

At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.

Read more: https://forum.hashpwn.net/post/13339

#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn

WinFuture.deMay 22
Ein #Sicherheitsforscher hatte sechs #Windows-#Schwachstellen öffentlich gemacht. #Microsoft kritisiert den Entdecker dafür scharf. Der wehrt sich vehement und erhebt seinerseits Vorwürfe. #YellowKey https://winfuture.de/news,158877.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia
YellowKey: Konflikt zwischen Microsoft und Sicherheitsforscher eskaliert

Ein einzelner Sicherheitsforscher hatte in den vergangenen Wochen ganze sechs Windows-Schwachstellen öffentlich gemacht. Microsoft kritisiert den Entdecker nun scharf. Der wittert Rufschädigung und wehrt sich vehement.

WinFuture.de
Geoff VassMay 21
TL;DR reagentc /disable #yellowkey
The New OilMay 21

#Microsoft shares mitigation for #YellowKey #Windows zero-day

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-mitigation-for-yellowkey-windows-zero-day/

#BitLocker #cybersecurity #FDE #encryption

Microsoft shares mitigation for YellowKey Windows zero-day

Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives.

BleepingComputer