Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
ID: 7f2930cd-e2af-5230-aeb6-c9e3f9af158e
STIX ID: report--7f2930cd-e2af-5230-aeb6-c9e3f9af158e
Feed Name: The Hacker News
Microsoft released mitigations for YellowKey (CVE-2026-45585), a BitLocker security feature bypass disclosed publicly with a proof-of-concept. The flaw lets an attacker with physical access place specially crafted FsTx files on a USB or EFI partition, reboot into Windows Recovery Environment (WinRE), and spawn an unrestricted shell to access BitLocker-protected volumes; affected systems include several Windows 11 x64 versions and Windows Server 2025. Microsoft and researchers recommend removing autofstx.exe from WinRE, reestablishing BitLocker trust for WinRE, and switching from TPM-only protectors to TPM+PIN to mitigate the risk.
