Microsoft released mitigation guidance on Wednesday for the YellowKey Windows BitLocker zero-day vulnerability that allows unauthorized access to protected drives [1].
This security flaw is critical because it enables attackers to bypass encryption, potentially exposing sensitive data on devices running Windows 11 and other Windows operating systems [2].
The vulnerability, also referred to as the "Angry Hacker" zero-day [3], allows an attacker to gain access to encrypted drives using a USB key [4]. Because a permanent patch is not yet available, Microsoft is urging users to implement the provided mitigation steps to protect their data until a formal update is deployed [1].
Internal reactions to the flaw have been stark. A Microsoft spokesperson said, "Can't come up with an explanation beside the fact that this was intentional" [4].
This incident is part of a larger pattern of security failures. The YellowKey flaw and another known as GreenPlasma are the latest in a series of five Microsoft zero-day bugs exposed by a single researcher this year [5]. Other recent reports indicate that two Microsoft Defender zero-day vulnerabilities are currently under active exploitation [6], while a separate report noted three Defender vulnerabilities disclosed by the same researcher [7].
Microsoft has not specified a date for the final patch but continues to advise users to follow the mitigation protocols to secure their systems against the USB-based exploit [1].
The recurrence of zero-day vulnerabilities linked to a single researcher suggests a targeted effort to expose systemic weaknesses in Microsoft's security architecture. The fact that a BitLocker flaw can be exploited via a physical USB key undermines the primary security assumption of full-disk encryption: that data is safe if the device is powered down or locked.





