- Description
- Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- windows_11_24h2, windows_11_25h2, windows_11_26h1, windows_server_2025
CVSS 3.1
- Type
- Secondary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-77
- Hype score
- Not currently trending
[YellowKey: Mitigation for BitLocker bypass published] Microsoft has presented a mitigation for the BitLocker bypass technique "YellowKey". It is tracked as CVE-2026-45585, and Windows 11 and Windows Server 2025 are reported to be affected.
@01ra66it
21 May 2026
217 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft has released mitigations addressing the “YellowKey” BitLocker bypass vulnerability (CVE-2026-45585), which impacted Windows 11 version 26H1, 24H2, 25H2 for x64 Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation). https://t.co/La9PlNEnNh
@pr0rat
21 May 2026
130 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft is providing a mitigation for the BitLocker bypass vulnerability "YellowKey" (CVE-2026-45585). Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) #HelpNetSecurity (May 20) https://t.co/c73POcCZeT
@foxbook
21 May 2026
258 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Recommendation to install the patch for the Windows BitLocker bypass vulnerability (CVE-2026-45585) (Source: Virus My.. | Blog) https://t.co/4FDRYtsfyI
@virusmyths
20 May 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/WAEBC3FFGi
@JosephLykowski
20 May 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft acknowledges YellowKey CVE-2026-45585 (CVSS 6.8) BitLocker bypass affecting Windows 11 24H2+ and Server 2025. Physical attack spawns unrestricted shell via crafted FsTx files. Disable autofstx.exe and enable TPM+PIN immediately. #DFIR_Radar https://t.co/cYYOAZWYLH
@DFIR_Radar
20 May 2026
127 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
New BitLocker bypass exploits Windows Recovery Environment to decrypt drives using Microsoft's own tools. No patch available despite CVE assignment. Researcher withholding follow-on attack that also defeats startup PIN protection. Technical details: • CVE-2026-45585 affects ht
@DFIR_Radar
20 May 2026
154 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 CVE-2026-45585: Microsoft releases mitigation for YellowKey BitLocker bypass. This WinRE-related flaw may allow encrypted data access if an attacker has physical access to the device. https://t.co/3zPIIbFy4w #Microsoft #BitLocker #YellowKey #CVE #WindowsSecurity #Vulert
@vulert_official
20 May 2026
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 Microsoft completes remediation of the YellowKey BitLocker bypass vulnerability CVE-2026-45585 Microsoft has released a remediation for a security vulnerability in BitLocker called YellowKey, which was publicly announced the week
@MisbarSec
20 May 2026
165 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/yzgU69Evab
@Tech_Newsletter
20 May 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) https://t.co/tfceoUo4m3
@TheCyberSecHub
20 May 2026
341 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/ADqQaQFjqo
@wvipersg
20 May 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit https://t.co/CeFLcuyyPn
@TheCyberSecHub
20 May 2026
326 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585): Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the… https://t.co/jhCbekFT
@shah_sheikh
20 May 2026
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) - https://t.co/u3QiZ499X6 - @Microsoft @msftsecurity @MsftSecIntel @ncsc_nl @wdormann #CVE #EXploit #PoC #VulnerabilityDisclosure #Windows #WindowsServer #Cybersecurity #CybersecurityNews htt
@helpnetsecurity
20 May 2026
330 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "1799DC19-34BA-42B4-A6DC-02774202DE22",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "AAAB3FDE-4FF2-47DE-9BDA-25B2855054E7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
            "matchCriteriaId": "DA9F6F61-46D3-4ECD-8B5D-1484222B7364",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "9B12238F-DF99-4247-B645-259C3FD98F61",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]