Zero-Day Exploit Against Windows BitLocker
Summary
A zero-day exploit, named YellowKey, bypasses default Windows 11 BitLocker deployments. The exploit requires physical access to the computer and was published by a researcher known as Nightmare-Eclipse.
IFF Assessment
The zero-day exploit bypasses BitLocker encryption on a device the attacker can physically reach, which directly undermines the data-at-rest protection defenders rely on.
Severity
A CVSS score of 6.8 seems appropriate: the physical-access requirement limits exploitability, but the impact is high because full-disk encryption is bypassed, compromising confidentiality and integrity.
Defender Context
This exploit highlights the risk of physical-access attacks even when full-disk encryption is enabled. Defenders should weigh physical security controls, multi-factor authentication, and monitoring for unauthorized access attempts. It is also a reminder to review BitLocker configurations and to understand the limitations of TPM-based encryption once an attacker has physical access to the machine.
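As a concrete starting point for the configuration review recommended above, the following PowerShell script is an added example (not part of the original advisory and not from the researcher who published the exploit). It inventories BitLocker volumes with the built-in Get-BitLockerVolume cmdlet and flags operating-system volumes whose only key protector is the TPM, i.e. no pre-boot PIN or startup key is required to unlock the drive. It assumes a Windows host with the BitLocker PowerShell module installed and an elevated session; the function name Get-BitLockerProtectorReport and the Finding strings are the example's own choices.

```powershell
# Added example, not from the original advisory.
# Assumes: Windows with the BitLocker module (Get-BitLockerVolume) and an elevated prompt.
# Reports each BitLocker volume and flags OS volumes unlocked by the TPM alone.

function Get-BitLockerProtectorReport {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # Collect the protector types attached to this volume as plain strings
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Protector types that add a pre-boot factor on top of the TPM
        $preBoot = @($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })
        $tpmOnly = ($types -contains 'Tpm') -and ($preBoot.Count -eq 0)

        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'Protection is not on'
        } elseif ($vol.VolumeType -eq 'OperatingSystem' -and $tpmOnly) {
            'OS volume unlocked by TPM alone; no pre-boot PIN or startup key'
        } else {
            'OK'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType        # OperatingSystem / Data
            ProtectionStatus = $vol.ProtectionStatus  # On / Off
            Protectors       = ($types -join ',')
            TpmOnly          = $tpmOnly
            Finding          = $finding
        }
    }
}

# Usage: run from an elevated PowerShell prompt
Get-BitLockerProtectorReport | Format-Table -AutoSize
```

A volume reported with TpmOnly = True relies entirely on the TPM releasing the key at boot, which is the configuration the Defender Context paragraph asks you to scrutinise. Adding a pre-boot factor is done through the "Require additional authentication at startup" BitLocker Group Policy together with Add-BitLockerKeyProtector -TpmAndPinProtector; whether that is warranted for a given fleet is a risk decision the script only informs, not one it makes.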