HIGH: Microsoft Ships Mitigation for YellowKey BitLocker Bypass Zero-Day (CVE-2026-45585)

Microsoft published mitigation guidance for CVE-2026-45585, the YellowKey BitLocker bypass zero-day publicly disclosed by researcher Chaotic Eclipse last week. The flaw lives in the FsTx Auto Recovery Utility inside Windows Recovery Environment and lets anyone with physical access and a USB stick spawn an unrestricted shell with the BitLocker-protected volume already mounted. Windows 11 24H2, 25H2, 26H1 and Windows Server 2025 are affected.

By Danny Mercer, CISSP — Lead Security Analyst May 20, 2026

Pour one out for full-disk encryption, or at least for the comforting illusion that a BitLocker-protected laptop is safe from anyone short of a state actor with a soldering iron. Microsoft confirmed earlier this week and shipped formal mitigation today for CVE-2026-45585, a zero-day a researcher calling himself Chaotic Eclipse dubbed YellowKey before publishing exploit code on GitHub last week without bothering with coordinated disclosure. The result, predictably, is a working bypass of one of the most widely deployed encryption schemes on the planet, sitting in public, with no patch in the conventional sense and only a workaround that requires administrators to edit registry values inside a mounted recovery image. If you manage Windows 11 fleets or Windows Server 2025 hosts and you trust BitLocker to be the last line of defense against device theft, today is going to be a long one.

The vulnerability lives inside the Windows Recovery Environment, the same WinRE most of us have only ever loaded when something has already gone catastrophically wrong. WinRE includes a utility called the FsTx Auto Recovery Utility, which exists to replay NTFS transaction logs from a folder named FsTx on an attached drive. The intent, on paper, is to repair filesystem damage during recovery. In practice, replaying attacker-controlled log data does something fascinating: it deletes the file that would normally lock the recovery shell down to a constrained set of operations. On the next reboot into WinRE, holding the Control key spawns a command prompt with the BitLocker-protected volume already mounted and fully readable. The attacker did not need to break BitLocker cryptography. With a TPM-only protector the volume is unlocked automatically once the measured boot path checks out, and WinRE sits on that trusted path; all YellowKey does is hand the attacker an unrestricted shell after the unlock has already happened.

The CVSS score sits at 6.8, which the casual observer might wave off as medium severity, and on paper that reading is correct. The catch is that local physical access is precisely the threat model BitLocker is supposed to defend against. A 6.8 that defeats the entire reason your encryption exists is functionally a critical issue for any organization with laptops that leave the building. Affected platforms include Windows 11 versions 24H2, 25H2, and 26H1 on x64 hardware, along with Windows Server 2025 in both standard and Server Core installations. Older Windows 10 and Windows 11 23H2 systems are not on the published list, though that has less to do with security and more to do with the FsTx utility being a more recent addition to WinRE.

The disclosure itself is its own small drama. Chaotic Eclipse, who also goes by Nightmare-Eclipse, dropped the proof of concept publicly through a GitHub repository last week with a writeup explaining the exploitation chain in enough detail that a moderately motivated technician can reproduce the attack with a USB stick and twenty minutes of patience. The researcher has stated, not for the first time, that the public drops are a protest against how Microsoft Security Response Center handled prior reports. Whatever one thinks of the ethics, the practical effect for defenders is identical. The PoC is out, the technique is documented, and any laptop thief who reads The Hacker News now has a recipe for accessing the data on whatever device they grab.

Microsoft's mitigation, published today, takes the practical route of disabling the offending utility entirely rather than rewriting WinRE on the fly. Administrators are expected to mount the WinRE image on each affected device, load the image's SYSTEM hive, edit the BootExecute REG_MULTI_SZ value under Control\Session Manager to remove the entry referencing autofstx.exe, unload the hive, unmount and commit the image, and then reestablish BitLocker trust so the recovery partition is properly resealed. This is not the kind of thing that lends itself to clicking a button on Windows Update. Will Dormann, who has spent his career untangling exactly this kind of Windows oddity, summarized the fix bluntly. Prevent the FsTx Auto Recovery Utility, autofstx.exe, from automatically starting when WinRE launches. The script for doing so cleanly across a fleet is left as an exercise for your endpoint team.
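
As an added example (not Microsoft's published procedure and not code from this article), the following PowerShell performs those steps on a single device so that an endpoint management tool can run it elevated as SYSTEM. The mount directory, the temporary hive name, the English-language reagentc output it parses, and the reagentc /disable followed by /enable used to re-register the modified image are this script's own assumptions; check them against Microsoft's guidance for your build before a fleet rollout.

```powershell
#Requires -RunAsAdministrator
# Added example: removes the autofstx.exe entry from BootExecute inside the
# mounted WinRE image. Assumed values: $MountDir (any empty local directory)
# and $HiveName (temporary name under HKLM for the loaded hive).
$ErrorActionPreference = 'Stop'
$MountDir = 'C:\WinREMount'
$HiveName = 'WinRE_SYSTEM'

function Invoke-Reagentc {
    # Runs reagentc.exe and turns a non-zero exit code into a terminating error.
    param([string[]]$Arguments)
    $out = & reagentc.exe @Arguments
    if ($LASTEXITCODE -ne 0) { throw "reagentc $($Arguments -join ' ') failed:`n$($out -join "`n")" }
    return $out
}

# 1. A disabled WinRE has no registered image to mount; stop rather than guess.
$info = (Invoke-Reagentc @('/info')) -join "`n"
if ($info -notmatch 'Windows RE status:\s+Enabled') { throw "WinRE is not enabled:`n$info" }

# 2. Mount winre.wim read-write.
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Invoke-Reagentc @('/mountre', '/path', $MountDir) | Out-Null
$commit = $false
try {
    # 3. Load the image's SYSTEM hive and locate its current control set.
    $hivePath = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
    & reg.exe load "HKLM\$HiveName" $hivePath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $hivePath" }
    try {
        $current  = (Get-ItemProperty -Path "HKLM:\$HiveName\Select" -Name Current).Current
        $smKey    = ("HKLM:\$HiveName\ControlSet{0:D3}\Control\Session Manager" -f $current)
        $bootExec = @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)

        # 4. Drop every BootExecute entry that references autofstx; leave the rest
        #    (autocheck and anything else the image relies on) untouched.
        $removed = @($bootExec | Where-Object { $_ -match 'autofstx' })
        if ($removed.Count -eq 0) {
            Write-Output 'No autofstx entry in BootExecute; image left unchanged.'
        } else {
            $kept = @($bootExec | Where-Object { $_ -notmatch 'autofstx' })
            Set-ItemProperty -Path $smKey -Name BootExecute -Value $kept -Type MultiString
            Write-Output "Removed from BootExecute: $($removed -join '; ')"
        }
    } finally {
        # 5. Release provider handles, then unload the hive so the WIM can be written.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$HiveName" | Out-Null
    }
    $commit = $true
} finally {
    # 6. Commit the edited image back into winre.wim, or discard it on any failure.
    $mode = if ($commit) { '/commit' } else { '/discard' }
    & reagentc.exe /unmountre /path $MountDir $mode | Out-Null
}

# 7. Re-register WinRE so the boot configuration and BitLocker's view of the
#    recovery image reflect the modified WIM. Assumption: this disable/enable
#    cycle is what the "reestablish BitLocker trust" step amounts to.
Invoke-Reagentc @('/disable') | Out-Null
Invoke-Reagentc @('/enable')  | Out-Null
Invoke-Reagentc @('/info')
```

The inner try/finally guarantees the hive is unloaded even when the edit fails, and the outer one discards rather than commits a half-edited image; both matter because a WinRE image left mounted or a hive left loaded will break the next run of the same script across the fleet. Record the "Removed from BootExecute" line centrally so you can prove which devices actually changed.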

There is a second, arguably better, mitigation that most environments should adopt regardless. Switching BitLocker from TPM-only protection to TPM plus PIN closes the door on YellowKey entirely, because the attacker can no longer reach a point where the volume is automatically unlocked. On already-encrypted devices the change can be made via PowerShell with Add-BitLockerKeyProtector -TpmAndPinProtector (the PIN is passed as a SecureString through -Pin), or through Group Policy by enabling Require additional authentication at startup with Configure TPM startup PIN set to require a startup PIN with TPM. Two caveats apply in practice: a volume carries only one TPM-based protector, so the existing TPM-only protector has to be removed before the TPM plus PIN one can be added, and the cmdlet refuses with a Group Policy error unless that policy at least allows a startup PIN. The friction is real. Users will need to type a PIN at boot, helpdesks will field calls from people who forget that PIN, and you will need a recovery key strategy that does not depend on the same TPM. The alternative is trusting that none of your devices ever go missing and that all of them have had the WinRE registry edit applied successfully, which is not a trust position any prudent administrator should be in.
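
As an added example that is not code from this article, Microsoft, or the researcher, the PowerShell below audits the OS volume and performs the switch with the guardrails a practitioner wants: it reports whether the device is still in the TPM-only configuration YellowKey abuses, refuses to proceed unless policy permits a PIN, makes sure a recovery password exists and is escrowed before the TPM-only protector is removed, and verifies the result. Assumptions labelled in the code: the FVE policy registry mirror and its UseTPMPIN meanings, an AD-joined device for Backup-BitLockerKeyProtector (Entra-joined devices use BackupToAAD-BitLockerKeyProtector instead), and an interactive Read-Host prompt standing in for whatever PIN enrollment flow your MDM provides.

```powershell
#Requires -RunAsAdministrator
# Added example: audit the OS volume's BitLocker protectors and move a TPM-only
# volume to TPM+PIN without ever leaving it with no usable protector.
$ErrorActionPreference = 'Stop'

function Get-OsVolumeState {
    # Summarises the OS volume; TpmOnly = $true is the configuration to fix.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus.ToString()
        ProtectorTypes   = $types
        TpmOnly          = ($types -contains 'Tpm') -and ($types -notcontains 'TpmPin')
        HasRecoveryPwd   = $types -contains 'RecoveryPassword'
    }
}

function Assert-PinPolicyAllowed {
    # Add-BitLockerKeyProtector -TpmAndPinProtector fails when policy forbids a
    # startup PIN. Assumption: the GPO mirrors to this FVE key, where
    # UseAdvancedStartup = 1 enables the policy and UseTPMPIN 1 = require,
    # 2 = allow, 0 = do not allow.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $p   = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    if ($p.UseAdvancedStartup -ne 1 -or ($p.UseTPMPIN -ne 1 -and $p.UseTPMPIN -ne 2)) {
        throw "Startup PIN not permitted by policy (UseAdvancedStartup=$($p.UseAdvancedStartup), UseTPMPIN=$($p.UseTPMPIN)); enable 'Require additional authentication at startup' first."
    }
}

function Switch-ToTpmAndPin {
    param([Parameter(Mandatory)][securestring]$Pin)
    $state = Get-OsVolumeState
    if (-not $state.TpmOnly) {
        Write-Output "$($state.MountPoint): protectors are $($state.ProtectorTypes -join ','); no TPM-only protector to replace."
        return $state
    }
    Assert-PinPolicyAllowed
    $mp = $state.MountPoint

    # 1. Never remove the only unlock path: ensure a recovery password exists and
    #    is escrowed before the TPM protector goes away.
    if (-not $state.HasRecoveryPwd) {
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
    }
    $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    # Assumption: AD-joined device. Entra-joined: BackupToAAD-BitLockerKeyProtector.
    Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $rp.KeyProtectorId | Out-Null

    # 2. A volume holds one TPM-based protector: remove TPM-only, then add TPM+PIN.
    $tpm = (Get-BitLockerVolume -MountPoint $mp).KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
    foreach ($kp in $tpm) {
        Remove-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $mp -TpmAndPinProtector -Pin $Pin | Out-Null

    # 3. Verify: protection still On and a TpmPin protector now present.
    $after = Get-OsVolumeState
    if ($after.ProtectionStatus -ne 'On' -or $after.ProtectorTypes -notcontains 'TpmPin') {
        throw "Unexpected post-change state: $($after | ConvertTo-Json -Compress)"
    }
    return $after
}

# Usage (interactive stand-in; a fleet rollout collects the PIN through the MDM
# enrollment flow instead). Run Get-OsVolumeState alone to audit without changing anything.
$pin = Read-Host -AsSecureString -Prompt 'Choose a BitLocker startup PIN'
Switch-ToTpmAndPin -Pin $pin | Format-List
```

Get-OsVolumeState on its own is the audit half of the detection problem described below: it is the cheapest way to inventory which devices are still TPM-only, and its output belongs in whatever compliance reporting your MDM already collects.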

Detection for this one is uncomfortable. There are no network indicators, no malware payloads to hash, no command and control traffic to watch for. The exploitation happens entirely on the local device while it is booting into recovery mode, which means the standard endpoint detection stack is asleep. The forensic artifacts that do exist sit inside the WinRE volume itself, which most EDR tools do not instrument, and the FsTx folder on the malicious USB will be long gone by the time anyone investigates. Practical detection comes down to physical access controls, asset tracking, full disk encryption with PIN enforcement, and treating any reported theft or loss of a corporate device as a foregone data breach until proven otherwise.

The broader lesson, if anyone is in the mood for one, is about the surface area of recovery code. BitLocker itself remains sound. The cryptography is fine. AES has not suddenly fallen. What fell is a small utility tucked inside an environment that most users never see, written under different assumptions than the rest of the platform, and trusted by the boot loader to do its job without anyone really watching. This is the same shape as Secure Boot bypasses found in obscure UEFI modules, the same shape as ransomware that lives in the Master Boot Record, and the same shape as half the WinRE issues researchers have surfaced over the last several years. The further from daylight a piece of code lives, the more interesting things tend to grow there.

There is also a procurement angle worth thinking about for anyone refreshing hardware over the next few quarters. Vendors have started shipping Pluton-based TPM integration on newer enterprise endpoints, and several enterprise device management platforms now support enforcing TPM plus PIN by policy without the historical friction of manual enrollment. For organizations standardized on Intune or a comparable MDM, the rollout cost of PIN-based BitLocker has come down meaningfully over the last two years. If your environment has been carrying TPM-only encryption forward on inertia, YellowKey is the news cycle that justifies the conversation with leadership about closing that gap before the next high-profile laptop theft becomes a regulatory disclosure event.

For managed service providers, YellowKey is a conversation starter rather than a panic. Clients with laptop fleets, especially those in healthcare, legal, financial services, or anything subject to state breach notification laws, need to be told plainly that their endpoint encryption is bypassable today on the affected Windows versions if a device walks out the door. That is a sales motion, and it is the right kind, because the fix is not a product purchase. It is a configuration change combined with a process for tracking and remediating affected devices. Offering a BitLocker hardening engagement, a TPM plus PIN rollout package, and an associated lost device incident response retainer turns this advisory into a billable quarter rather than a fire drill. The clients who push back on PIN friction are usually the ones who needed the conversation most.
