thehackernews.com · 5/20/2026, 9:50:41 AM

Microsoft fixes BitLocker bypass YellowKey CVE-2026-45585

CyberSIXT Evidence Panel
Primary Source: msrc.microsoft.com
CISA KEV: Not in KEV
Patch: Patch Available

Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey, tracked as CVE-2026-45585, after its public disclosure last week. According to Microsoft, the zero-day flaw carries a CVSS score of 6.8 and is described as a BitLocker security feature bypass. The bypass was disclosed by a security researcher known as Chaotic Eclipse (aka Nightmare-Eclipse).

The issue affects Windows 11 26H1, Windows 11 24H2, Windows 11 25H2 for x64 systems, Windows Server 2025, and Windows Server 2025 (Server Core). To address the risk, Microsoft outlines a set of mitigations including mounting the WinRE image on each device, modifying BootExecute to remove autofstx[.]exe, saving and unloading the updated registry hive, unmounting and committing the WinRE image, and reestablishing BitLocker trust for WinRE.

Security researcher Will Dormann notes that the change prevents the FsTx Auto Recovery Utility from starting with WinRE, hindering the attack sequence, while Microsoft also suggests enabling TPM+PIN protection to guard against YellowKey.
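The mitigation steps listed above, sketched as an added PowerShell example; this is not Microsoft's published script and not code from the article. Assumptions: the scratch directory `C:\WinREMount`, the temporary hive name `WinRE_SYSTEM`, the offline key location `ControlSet001\Control\Session Manager`, and the use of `reagentc /disable` followed by `/enable` to reestablish BitLocker trust for WinRE.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's script. Paths, the hive name and the
# ControlSet001 location are assumptions; check them against the MSRC guidance.
$ErrorActionPreference = 'Stop'
$Mount    = 'C:\WinREMount'     # assumed scratch directory for the WinRE image
$HiveName = 'WinRE_SYSTEM'      # assumed temporary name for the offline hive
$Target   = 'autofstx'          # BootExecute entry the article says to remove

function Invoke-Native([string]$Exe, [string[]]$ArgList) {
    # Run a native tool and turn a non-zero exit code into a terminating error.
    & $Exe @ArgList
    if ($LASTEXITCODE -ne 0) { throw "$Exe $($ArgList -join ' ') failed: $LASTEXITCODE" }
}

New-Item -ItemType Directory -Path $Mount -Force | Out-Null
Invoke-Native reagentc.exe @('/mountre', '/path', $Mount)        # 1. mount WinRE
$commit = $false
try {
    Invoke-Native reg.exe @('load', "HKLM\$HiveName", "$Mount\Windows\System32\config\SYSTEM")
    try {
        $key = "HKLM:\$HiveName\ControlSet001\Control\Session Manager"
        $old = @((Get-ItemProperty -Path $key -Name BootExecute).BootExecute)
        $new = @($old | Where-Object { $_ -notmatch [regex]::Escape($Target) })
        if ($new.Count -lt $old.Count) {                         # 2. edit BootExecute
            Set-ItemProperty -Path $key -Name BootExecute -Value ([string[]]$new) -Type MultiString
            $commit = $true
        } else {
            Write-Host "No $Target entry in BootExecute; nothing to change."
        }
    } finally {
        [gc]::Collect()   # release PowerShell's registry handles so the unload succeeds
        Invoke-Native reg.exe @('unload', "HKLM\$HiveName")      # 3. save and unload hive
    }
} finally {
    # 4. commit only if the value was changed; otherwise discard the mount
    $mode = if ($commit) { '/commit' } else { '/discard' }
    Invoke-Native reagentc.exe @('/unmountre', '/path', $Mount, $mode)
}
if ($commit) {
    # 5. re-register WinRE so BitLocker trusts the modified image (assumed method)
    Invoke-Native reagentc.exe @('/disable')
    Invoke-Native reagentc.exe @('/enable')
    Invoke-Native reagentc.exe @('/info')
}
```

Any failure before the hive edit leaves the image unmounted with `/discard`, so a partially modified WinRE image is never committed.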


Article by CyberSIXT
