Microsoft released a mitigation on Tuesday, May 21, to address a security feature bypass vulnerability publicly known as YellowKey [1, 2].

The vulnerability matters because it allows attackers to defeat BitLocker encryption, potentially granting unauthorized access to protected drives. The flaw specifically targets the Windows Recovery environment, creating a gap in the security layer intended to keep data private when a system is offline.

According to the company, the vulnerability is tracked as CVE-2026-45585 [1]. The security flaw is triggered via FsTx in Windows Recovery [3]. This bypass can expose sensitive data on drives that users believe are securely encrypted via BitLocker [4].

"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey,'" a Microsoft spokesperson said [1].

The vulnerability has been assigned a CVSS score of 6.8 [1]. This score reflects the severity of the risk and the potential impact on system integrity. The issue gained attention after a hacker released a zero-day security bypass [5].

Because a formal patch is not yet available, the company has offered mitigation advice to help administrators and users secure their systems [5]. "Microsoft has announced mitigations for CVE-2026-45585, a BitLocker bypass triggered via FsTx in Windows Recovery," a Microsoft spokesperson said [3].

Users are encouraged to follow the provided guidance to prevent the exploitation of the bypass until a permanent software update is deployed to the Windows operating system [2, 6].

The YellowKey vulnerability highlights a persistent weakness in the Windows Recovery environment, where security controls are often less stringent than in the main OS. By bypassing BitLocker, attackers can circumvent one of the primary defenses against physical data theft. The reliance on temporary mitigations rather than an immediate patch suggests a complex fix is required to secure the FsTx component without breaking recovery functionality.