#yellowkey — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #yellowkey, aggregated by home.social.
-
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
-
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
-
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
-
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
-
https://hackingpassion.com/yellowkey-bitlocker-bypass-winre/ - If you can get physical access to a machine, #YellowKey will bypass #BitLocker on a fully patched #Windows machine.
-
#Microsoft #BitLocker-protected drives can now be opened with just some files on a #USB stick — YellowKey #zeroday #exploit demonstrates an apparent backdoor #YellowKey is kind of crazy because now, any device that was stolen but protected by BitLocker is now super-compromised, with no recourse
-
#Microsoft #BitLocker-protected drives can now be opened with just some files on a #USB stick — YellowKey #zeroday #exploit demonstrates an apparent backdoor #YellowKey is kind of crazy because now, any device that was stolen but protected by BitLocker is now super-compromised, with no recourse
-
#Microsoft #BitLocker-protected drives can now be opened with just some files on a #USB stick — YellowKey #zeroday #exploit demonstrates an apparent backdoor #YellowKey is kind of crazy because now, any device that was stolen but protected by BitLocker is now super-compromised, with no recourse
-
#Microsoft #BitLocker-protected drives can now be opened with just some files on a #USB stick — YellowKey #zeroday #exploit demonstrates an apparent backdoor #YellowKey is kind of crazy because now, any device that was stolen but protected by BitLocker is now super-compromised, with no recourse
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
YellowKey: BitLocker Bypass or Backdoor
YellowKey, tracked as CVE-2026-45585, is a public BitLocker bypass that abuses WinRE/recovery-path behavior to expose a protected volume without the Windows password, recovery key, or AES cracking.
At the time of this post, the author’s GitHub and original YellowKey repo appear to be down.
Read more: https://forum.hashpwn.net/post/13339
#BitLocker #YellowKey #CVE202645585 #CyberSecurity #InfoSec #WindowsSecurity #TPM #FullDiskEncryption #hack #exploit #news #hashpwn
-
#Microsoft shares mitigation for #YellowKey #Windows zero-day
-
#Microsoft shares mitigation for #YellowKey #Windows zero-day
-
#Microsoft shares mitigation for #YellowKey #Windows zero-day
-
#Microsoft shares mitigation for #YellowKey #Windows zero-day
-
#Microsoft shares mitigation for #YellowKey #Windows zero-day
-
A Grantler [email protected]
@agrantler.bsky.social
· 5 Min.
Running bitlocker with TPM only without PIN has never been a good idea. Question is, why there's the WinRE feature for unlocking the device at all. This looks really like a #backdoor.
And there are rumors there's a vulnerability for TPM+PIN, too.
We'll see.#microsoft #infosec #cybersec #yellowkey #news
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
-
A Grantler [email protected]
@agrantler.bsky.social
· 5 Min.
Running bitlocker with TPM only without PIN has never been a good idea. Question is, why there's the WinRE feature for unlocking the device at all. This looks really like a #backdoor.
And there are rumors there's a vulnerability for TPM+PIN, too.
We'll see.#microsoft #infosec #cybersec #yellowkey #news
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
-
A Grantler [email protected]
@agrantler.bsky.social
· 5 Min.
Running bitlocker with TPM only without PIN has never been a good idea. Question is, why there's the WinRE feature for unlocking the device at all. This looks really like a #backdoor.
And there are rumors there's a vulnerability for TPM+PIN, too.
We'll see.#microsoft #infosec #cybersec #yellowkey #news
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
-
A Grantler [email protected]
@agrantler.bsky.social
· 5 Min.
Running bitlocker with TPM only without PIN has never been a good idea. Question is, why there's the WinRE feature for unlocking the device at all. This looks really like a #backdoor.
And there are rumors there's a vulnerability for TPM+PIN, too.
We'll see.#microsoft #infosec #cybersec #yellowkey #news
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
-
A Grantler [email protected]
@agrantler.bsky.social
· 5 Min.
Running bitlocker with TPM only without PIN has never been a good idea. Question is, why there's the WinRE feature for unlocking the device at all. This looks really like a #backdoor.
And there are rumors there's a vulnerability for TPM+PIN, too.
We'll see.#microsoft #infosec #cybersec #yellowkey #news
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html
-
🚨 CVE-2026-45585 (YellowKey)
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45585
#nttdata #zen #secdb #infosec
#yellowkey #microsoft #bitlocker #cve202645585 -
🚨 CVE-2026-45585 (YellowKey)
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45585
#nttdata #zen #secdb #infosec
#yellowkey #microsoft #bitlocker #cve202645585 -
🚨 CVE-2026-45585 (YellowKey)
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45585
#nttdata #zen #secdb #infosec
#yellowkey #microsoft #bitlocker #cve202645585 -
Option 2: Mastodon
🚨 New Episode Live: YellowKeyA new zero-day called "YellowKey" lets attackers bypass default BitLocker encryption with a simple USB trick. Microsoft hasn't patched it yet.
We break down the exploit, the "backdoor" accusations, and exactly how to secure your drive today.
Don't trust the default. Listen now: ImpracticalPrivacy.com
#BitLocker #Privacy #InfoSec #CyberSecurity #OpenSource #YellowKey #Microsoft #Surveillance #Windows #Windows11 #OpSec #Encryption
-
Option 2: Mastodon
🚨 New Episode Live: YellowKeyA new zero-day called "YellowKey" lets attackers bypass default BitLocker encryption with a simple USB trick. Microsoft hasn't patched it yet.
We break down the exploit, the "backdoor" accusations, and exactly how to secure your drive today.
Don't trust the default. Listen now: ImpracticalPrivacy.com
#BitLocker #Privacy #InfoSec #CyberSecurity #OpenSource #YellowKey #Microsoft #Surveillance #Windows #Windows11 #OpSec #Encryption
-
Option 2: Mastodon
🚨 New Episode Live: YellowKeyA new zero-day called "YellowKey" lets attackers bypass default BitLocker encryption with a simple USB trick. Microsoft hasn't patched it yet.
We break down the exploit, the "backdoor" accusations, and exactly how to secure your drive today.
Don't trust the default. Listen now: ImpracticalPrivacy.com
#BitLocker #Privacy #InfoSec #CyberSecurity #OpenSource #YellowKey #Microsoft #Surveillance #Windows #Windows11 #OpSec #Encryption
-
#Windows :windows: -Sicherheitslücken: #BitLocker-Problem und Rechteausweitung | Security https://www.heise.de/news/Windows-Sicherheitsluecken-BitLocker-Problem-und-Rechteausweitung-11297192.html #YellowKey #MiniPlasma
-
A #security researcher says #Microslop secretly built a #backdoor into #BitLocker, releases an #exploit to prove it
#YellowKey exploit bypasses BitLocker full volume #encryption via USB stick and WinRE
-
----------------
🎯 Threat Intelligence
===================Executive summary. A researcher published a reproduction for a BitLocker bypass originating from a WinRE component. The method requires copying a folder named FsTx to System Volume Information\FsTx on removable media or into the EFI area, then triggering a specific WinRE restart key sequence to obtain a shell with unrestricted access to the BitLocker‑protected volume. The report states the issue affects Windows 11 and Server 2022/2025; Windows 10 is not affected. The disclosure credits MORSE, MSTIC and Microsoft GHOST.
🔹 Technical details
• Affected images: Windows Recovery Environment (WinRE) on Windows 11 builds and Server 2022/2025 according to the author.
• Trigger mechanism: copy FsTx folder to System Volume Information\FsTx on a USB stick or write equivalent files to the EFI partition. Boot the machine, invoke Restart → WinRE via holding SHIFT while clicking Restart, then release SHIFT and hold CTRL during the transition per the reproduction steps. The author reports that if performed correctly, a shell is spawned with access to the BitLocker volume.
• Component presence: the author notes the responsible component appears only inside the WinRE image. The same component name exists in normal Windows installs but allegedly lacks the triggering functionality. The author characterizes this as suspicious but labels it preliminary.
🔹 Analysis
The observable elements are concrete: folder name FsTx, path System Volume Information\FsTx, WinRE entrypoint and the key sequence behavior. No CVE, vendor advisory, or formal patch is cited in the disclosure. The author speculates about intentional inclusion but explicitly calls the claim tentative. The source did not provide binary hashes, signed module names, or precise module APIs invoked.
🔹 Detection
The disclosure does not include vendor detection rules. Observable indicators from the report that defenders can log or hunt for include presence of an FsTx folder on removable media or unexpected files in the EFI partition, and unusual WinRE session activity following the described key sequence. No IoCs or hashes were published in the source.
🔹 Mitigation
The source did not publish mitigations or vendor guidance. Microsoft engagement is mentioned via credited teams, but no advisory is linked in the report. Until vendor guidance appears, administrators should treat the finding as preliminary.
🔹 References
Author disclosure credited MORSE, MSTIC and Microsoft GHOST. The report is labeled preliminary and the source does not verify intent or supply full technical artifacts.
🔹 bitlocker #winre #windows11 #yellowkey #microsoft
-
https://winbuzzer.com/2026/05/15/mystery-microsoft-bug-leaker-keeps-the-zero-days-c-xcxwbn/
Two more Windows zero-day claims have surfaced: YellowKey targets pre-boot BitLocker exposure, while GreenPlasma points to post-compromise privilege escalation.
#YellowKey #GreenPlasma #Microsoft #ZeroDay #PatchTuesday #BitLocker #Windows11 #Cybersecurity
-
https://winbuzzer.com/2026/05/15/mystery-microsoft-bug-leaker-keeps-the-zero-days-c-xcxwbn/
Two more Windows zero-day claims have surfaced: YellowKey targets pre-boot BitLocker exposure, while GreenPlasma points to post-compromise privilege escalation.
#YellowKey #GreenPlasma #Microsoft #ZeroDay #PatchTuesday #BitLocker #Windows11 #Cybersecurity
-
https://winbuzzer.com/2026/05/15/mystery-microsoft-bug-leaker-keeps-the-zero-days-c-xcxwbn/
Two more Windows zero-day claims have surfaced: YellowKey targets pre-boot BitLocker exposure, while GreenPlasma points to post-compromise privilege escalation.
#YellowKey #GreenPlasma #Microsoft #ZeroDay #PatchTuesday #BitLocker #Windows11 #Cybersecurity
-
https://winbuzzer.com/2026/05/15/mystery-microsoft-bug-leaker-keeps-the-zero-days-c-xcxwbn/
Two more Windows zero-day claims have surfaced: YellowKey targets pre-boot BitLocker exposure, while GreenPlasma points to post-compromise privilege escalation.
#YellowKey #GreenPlasma #Microsoft #ZeroDay #PatchTuesday #BitLocker #Windows11 #Cybersecurity
-
https://winbuzzer.com/2026/05/15/mystery-microsoft-bug-leaker-keeps-the-zero-days-c-xcxwbn/
Two more Windows zero-day claims have surfaced: YellowKey targets pre-boot BitLocker exposure, while GreenPlasma points to post-compromise privilege escalation.
#YellowKey #GreenPlasma #Microsoft #ZeroDay #PatchTuesday #BitLocker #Windows11 #Cybersecurity
-
Anyone know if #YellowKey also works when your device is prompting for the recovery key on startup instead of properly booting?
-
Windows encryption has a universal backdoor.
There is no way this was not built intentionally. The most optimistic outlook is a test build made it into prod. With a single 0 byte file with a magic filename, the entirety of the encrypted drive is available. It only impacts Windows 11 and Server 25.
You can assume anyone with a flash drive can decrypt the contents of a Windows hard drive. It takes zero skill.
-
«BitUnlocker knackt BitLocker in unter fünf Minuten:
BitUnlocker knackt BitLocker auf Windows 11 in unter fünf Minuten. Betroffen sind TPM-only-Systeme ohne PIN»Hach ja, MS und Co. verkaufen sich gerne als sicher. Auch auf Linux, *BSD kann je nach Einstellungen unsicher sein aber bei MS ist es ein immer wieder ein aktuelles Thema. Verschlüsselungen ist je nach deren Umsetzung sicher.
🙄 https://tarnkappe.info/artikel/it-sicherheit/bitunlocker-knackt-bitlocker-windows-11-329149.html
#microsoft #windows #bitlocker #YellowKey #Win11 #bitunlocker #windows11 #itsec
-
«BitUnlocker knackt BitLocker in unter fünf Minuten:
BitUnlocker knackt BitLocker auf Windows 11 in unter fünf Minuten. Betroffen sind TPM-only-Systeme ohne PIN»Hach ja, MS und Co. verkaufen sich gerne als sicher. Auch auf Linux, *BSD kann je nach Einstellungen unsicher sein aber bei MS ist es ein immer wieder ein aktuelles Thema. Verschlüsselungen ist je nach deren Umsetzung sicher.
🙄 https://tarnkappe.info/artikel/it-sicherheit/bitunlocker-knackt-bitlocker-windows-11-329149.html
#microsoft #windows #bitlocker #YellowKey #Win11 #bitunlocker #windows11 #itsec
-
«BitUnlocker knackt BitLocker in unter fünf Minuten:
BitUnlocker knackt BitLocker auf Windows 11 in unter fünf Minuten. Betroffen sind TPM-only-Systeme ohne PIN»Hach ja, MS und Co. verkaufen sich gerne als sicher. Auch auf Linux, *BSD kann je nach Einstellungen unsicher sein aber bei MS ist es ein immer wieder ein aktuelles Thema. Verschlüsselungen ist je nach deren Umsetzung sicher.
🙄 https://tarnkappe.info/artikel/it-sicherheit/bitunlocker-knackt-bitlocker-windows-11-329149.html
#microsoft #windows #bitlocker #YellowKey #Win11 #bitunlocker #windows11 #itsec
-
«BitUnlocker knackt BitLocker in unter fünf Minuten:
BitUnlocker knackt BitLocker auf Windows 11 in unter fünf Minuten. Betroffen sind TPM-only-Systeme ohne PIN»Hach ja, MS und Co. verkaufen sich gerne als sicher. Auch auf Linux, *BSD kann je nach Einstellungen unsicher sein aber bei MS ist es ein immer wieder ein aktuelles Thema. Verschlüsselungen ist je nach deren Umsetzung sicher.
🙄 https://tarnkappe.info/artikel/it-sicherheit/bitunlocker-knackt-bitlocker-windows-11-329149.html
#microsoft #windows #bitlocker #YellowKey #Win11 #bitunlocker #windows11 #itsec