The Golden Skeleton Key: A Deep Dive into CVE-2026-45585 (YellowKey) BitLocker Bypass

Full-disk encryption (FDE) is the bedrock of endpoint physical security. For nearly two decades, Microsoft’s BitLocker has been the silent guardian of enterprise data, ensuring that when a laptop is left in a taxi or a server hard drive is improperly recycled, the data remains cryptographically shredded to unauthorized parties.
But what happens when the very environment designed to recover your operating system turns out to be the backdoor that decrypts it for an attacker?
Enter CVE-2026-45585, widely known in the cybersecurity community as YellowKey. Disclosed in late May 2026, YellowKey is a critical security feature bypass that completely undermines BitLocker on current-generation Windows systems. In a controversial move, the Proof of Concept (PoC) for this vulnerability was dropped publicly before Microsoft could finalize a patch, igniting a scramble for enterprise defenders worldwide.
In this deep dive, we’ll unpack the mechanics of YellowKey, why it breaks the BitLocker trust chain, and the immediate steps you must take to protect your fleet.
Executive Summary
- Vulnerability: CVE-2026-45585 (YellowKey)
- CVSS v3.1 Score: 6.8 (Medium - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
- Vulnerability Type: Security Feature Bypass / Command Injection (CWE-77)
- Vector: Local/Physical Access (AV:P)
- Affected Products: Windows 11 (versions 24H2, 25H2, 26H1) x64 and Windows Server 2025
- Exploitation Status: Active public PoC; no permanent patch is yet available (as of early June 2026). Microsoft has provided an interim PowerShell mitigation script.
The Root of the Problem: TPM, WinRE, and Trust
To understand YellowKey, you have to understand how modern Windows boots.
In most modern Windows deployments, BitLocker relies by default on a TPM-only protector. The Trusted Platform Module (TPM) is a secure cryptoprocessor on the motherboard. When the machine powers on, the TPM measures the boot sequence. If everything looks legitimate (no unauthorized firmware, no altered bootloader), the TPM seamlessly releases the BitLocker Volume Master Key (VMK) to the operating system. The user is greeted by the Windows login screen, oblivious to the complex cryptography that just happened.
However, if Windows fails to boot properly, the system falls back to the Windows Recovery Environment (WinRE). WinRE is a lightweight companion operating system designed to troubleshoot unbootable systems. Because WinRE is a trusted Microsoft component, the TPM will often still release the BitLocker key to allow WinRE to access the disk and attempt repairs.
The YellowKey Exploit Chain
YellowKey abuses the implicit trust between the TPM, the encrypted volume, and the Recovery Environment.
At its core, CVE-2026-45585 is an Improper Neutralization of Special Elements used in a Command (CWE-77) vulnerability. The attack requires physical access, but no prior privileges and no user interaction.
Here is how the exploit conceptually functions:
1. Physical Access: The attacker gains physical custody of a target device (e.g., a stolen laptop or a locked kiosk).
2. Forcing Recovery: The attacker interrupts the normal boot process, forcing Windows to load the Windows Recovery Environment (WinRE).
3. Log Manipulation: The core of the YellowKey exploit relies on manipulating NTFS transaction logs and recovery configuration files.
4. Command Injection via autofstx.exe: The attacker injects malicious inputs that the OS improperly sanitizes. By poisoning the BootExecute multi-string registry value located in the offline SYSTEM registry hive, the attacker forces the system to execute commands under the context of autofstx.exe (a native Windows executable) during the early phases of the WinRE boot.
5. Privileged Access: Because the TPM has already validated the boot sequence and transparently decrypted the drive for WinRE, the attacker’s injected command successfully spawns a highly privileged command prompt (cmd.exe as NT AUTHORITY\SYSTEM).
The Result: The attacker now has a root-level shell. The drive is fully unlocked and decrypted, granting unrestricted access to all files, SAM databases, cached credentials, and proprietary data—bypassing BitLocker entirely without ever needing the recovery key or the user's password.
Why "Physical Access" Should Not Be Ignored
Historically, security teams tend to deprioritize vulnerabilities requiring physical access (AV:P), focusing instead on remote, network-based threats. Consequently, YellowKey's CVSS score sits at a modest 6.8.
However, treating CVE-2026-45585 as a low priority is a dangerous mistake. Consider the following scenarios:
- The Traveling Executive: A laptop left unattended in a hotel room or confiscated temporarily at border crossings.
- Decommissioning and E-Waste: Hard drives pulled from Windows Server 2025 machines and sent to recycling depots without secure wiping.
- Shared Workstations: Medical kiosks or factory floor terminals where an attacker can plug in a malicious USB or reboot the machine.
If an attacker has physical access to an affected machine running a TPM-only BitLocker configuration, your data is compromised in minutes.
Mitigation: Closing the YellowKey Backdoor
Because the PoC was released without coordinated disclosure, Microsoft has not yet integrated a permanent fix into Patch Tuesday rollouts. However, they have released strict mitigation guidelines.
If you are running Windows 11 (24H2+) or Windows Server 2025, you must act immediately.
1. Apply the Microsoft Mitigation Script (Immediate Action)
Microsoft has provided a PowerShell mitigation script designed to neuter the attack vector within WinRE.
The script mounts the offline Windows Recovery Environment, loads the offline SYSTEM registry hive, and specifically removes the autofstx.exe entry from the BootExecute REG_MULTI_SZ value. This prevents the vulnerable executable from running during the WinRE boot process, effectively breaking the exploit chain without impacting standard recovery operations.
Note: Microsoft has stated that once the official security update is released, it will inherently support and maintain the behavior introduced by this temporary mitigation.
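The following PowerShell is an added illustration of the mitigation described above; it is not Microsoft's script, and its names, paths and the hive alias are assumptions. It mounts a staged winre.wim (for example C:\Windows\System32\Recovery\winre.wim after `reagentc /disable`), loads the offline SYSTEM hive, reports whether BootExecute still references autofstx.exe, and only rewrites the value when -Remediate is given.

```powershell
# Added illustrative example (not Microsoft's mitigation script): audit, and optionally
# remove, autofstx.exe entries from BootExecute in the offline WinRE SYSTEM hive.
# Assumptions: elevated session, DISM PowerShell module present, $WinReWim points at the
# staged winre.wim (e.g. C:\Windows\System32\Recovery\winre.wim after 'reagentc /disable').
param(
    [string]$WinReWim = 'C:\Windows\System32\Recovery\winre.wim',
    [string]$MountDir = 'C:\WinREMount',
    [switch]$Remediate            # without this switch the script only reports
)
$hiveName = 'WinREOffline'        # assumed alias for the loaded offline hive
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WinReWim -Index 1 -Path $MountDir | Out-Null
try {
    $hiveFile = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
    & reg.exe load "HKLM\$hiveName" $hiveFile | Out-Null
    try {
        # An offline hive has no CurrentControlSet link; resolve it through the Select key.
        $current = (Get-ItemProperty "HKLM:\$hiveName\Select").Current
        $smKey   = "HKLM:\$hiveName\ControlSet{0:D3}\Control\Session Manager" -f $current
        $boot    = @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)
        $bad     = @($boot | Where-Object { $_ -match 'autofstx' })
        if ($bad.Count -eq 0) {
            Write-Output "OK: no autofstx entry in BootExecute ($($boot -join ' | '))"
        } elseif ($Remediate) {
            # Keep every other entry (normally 'autocheck autochk *') untouched.
            $clean = [string[]]@($boot | Where-Object { $_ -notmatch 'autofstx' })
            Set-ItemProperty -Path $smKey -Name BootExecute -Value $clean -Type MultiString
            Write-Output "REMEDIATED: removed $($bad -join ', ')"
        } else {
            Write-Output "VULNERABLE: BootExecute still contains $($bad -join ', ')"
        }
    } finally {
        [GC]::Collect()           # release registry handles so the hive can unload
        & reg.exe unload "HKLM\$hiveName" | Out-Null
    }
} finally {
    # Commit the modified image only in remediation mode; otherwise discard the mount.
    if ($Remediate) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else            { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
}
```

After a -Save dismount, re-register the image with `reagentc /enable` so WinRE uses the modified winre.wim.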
2. The Gold Standard: Enforce TPM + PIN
The fundamental weakness that makes YellowKey so devastating is the reliance on TPM-only ("transparent") unlocking. If the TPM automatically yields the decryption key just because the bootloader looks intact, the physical security boundary is fragile.
To eliminate this class of vulnerability entirely, organizations should shift from TPM-only to TPM + PIN protectors. When TPM + PIN is enforced, the boot sequence pauses before the OS or WinRE loads. The user must manually input a PIN. Even if an attacker manipulates the recovery environment to spawn a shell, the TPM will absolutely refuse to release the Volume Master Key until the human-supplied PIN is entered. Without the key, the disk remains a brick of cryptographic noise.
You can configure this via Group Policy under:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup
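To see which hosts still unlock transparently, the added example below (not from the original post) inspects each OS volume's key protectors and the FVE policy values that the Group Policy setting above writes. The function name and the output fields are assumptions; the registry path, value names and protector type names are the standard BitLocker ones.

```powershell
# Added illustrative example (not from the original post): report whether each OS volume
# on this host unlocks with a TPM-only protector and whether policy forbids that.
# Assumes an elevated session with the BitLocker PowerShell module (Windows 11 / Server 2025).
function Get-YellowKeyExposure {
    $fvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    # "Require additional authentication at startup" writes, among others:
    #   UseAdvancedStartup = 1 when the policy is enabled,
    #   UseTPM / UseTPMPIN : 0 = do not allow, 1 = require, 2 = allow.
    # TPM-only unlock is closed off only when UseTPM is 0 (do not allow TPM alone).
    $pol = if (Test-Path $fvePolicy) { Get-ItemProperty $fvePolicy } else { $null }
    $forbidsTpmOnly = ($null -ne $pol) -and ($pol.UseAdvancedStartup -eq 1) -and ($pol.UseTPM -eq 0)
    $requiresPin    = ($null -ne $pol) -and ($pol.UseTPMPIN -eq 1)

    foreach ($vol in Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem') {
        $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # Transparent unlock: a Tpm protector with no PIN-based protector beside it.
        $tpmOnly = ($types -contains 'Tpm') -and
                   -not ($types -contains 'TpmPin') -and
                   -not ($types -contains 'TpmPinKey')
        [pscustomobject]@{
            Computer             = $env:COMPUTERNAME
            Volume               = $vol.MountPoint
            ProtectionStatus     = $vol.ProtectionStatus
            Protectors           = ($types -join ',')
            TpmOnlyUnlock        = $tpmOnly
            PolicyForbidsTpmOnly = $forbidsTpmOnly
            PolicyRequiresPin    = $requiresPin
            # Encrypted, yet handed to WinRE without a human-supplied secret.
            Exposed              = ($vol.ProtectionStatus -eq 'On') -and $tpmOnly
        }
    }
}

Get-YellowKeyExposure | Format-Table -AutoSize
```

Rows with Exposed = True are the devices the TPM + PIN rollout should reach first; run the function through your remote-management tooling to build the fleet-wide list.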
3. Monitoring and Hunting
While YellowKey is an offline attack, you can hunt for post-exploitation indicators if a device is returned to your network:
- Look for unexpected, rapid logon/unlock events or anomalous reboots.
- Monitor endpoint telemetry (like Microsoft Defender for Endpoint) for the execution of the YellowKey public tooling binaries or related scripts.
- Forward Security, System, and Application event logs to your SIEM, alerting on unexpected drops into the Windows Recovery Environment followed by host OS access.
Conclusion
CVE-2026-45585 (YellowKey) is a stark reminder that cryptography is only as strong as its implementation. BitLocker’s encryption algorithms (AES-XTS) remain mathematically secure; the vulnerability lies in how the operating system handles the keys and trusts its own recovery subsystems.
The uncoordinated release of the YellowKey PoC has left defenders in a precarious position. Until Microsoft issues a comprehensive patch via Windows Update, organizations must proactively apply the PowerShell registry mitigations and seriously evaluate the deployment of pre-boot authentication (TPM + PIN) for high-risk assets.
Physical security is cybersecurity. Ensure your endpoints are locked down before the keys are handed to the adversary.