Microsoft has disclosed CVE-2026-45585 ("YellowKey"), a security feature bypass vulnerability in Windows BitLocker with a CVSS 3.1 score of 6.8 (MEDIUM). Exploiting it to access encrypted data requires physical access to the device. A full patch is not yet available, but Microsoft has provided step-by-step mitigation guidance for affected systems.
Microsoft is working on a fix for CVE-2026-45585 (aka “YellowKey”), a vulnerability that attackers can use to bypass the protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation.

CVE-2026-45585 and the YellowKey exploit

CVE-2026-45585 is a security feature bypass vulnerability that can only be exploited if the attacker has physical access …

The post Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) appeared first on Help Net Security.