Microsoft is working on a patch for ‘YellowKey’ attack on BitLocker, offers temporary fix
Summary
Microsoft is developing a patch for a zero-day vulnerability known as "YellowKey" that allows attackers with physical access to a Windows device to bypass BitLocker encryption. The vulnerability, tracked as CVE-2026-45585, has a public proof of concept, and Microsoft has provided temporary mitigation steps while a permanent fix is created.
IFF Assessment
This vulnerability allows attackers to bypass encryption, directly threatening data confidentiality and integrity.
Severity
Defender Context
This vulnerability highlights the ongoing challenge of protecting data at rest, even with encryption solutions like BitLocker. Defenders must focus on both patching and strengthening physical security controls for endpoints, as physical access is currently a prerequisite for exploitation. Organizations should also review their policies regarding data storage on mobile and corporate devices.