YellowKey
Coverage of YellowKey in the Nexus archive.
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
Microsoft patched three zero-day vulnerabilities, two of which allow attackers to gain SYSTEM privileges on fully patched Windows systems, and a third that enables access to BitLocker-protected drives.
- Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Disgruntled bug hunter Nightmare Eclipse (Chaotic Eclipse) has released six Windows zero-days, prompting Microsoft to issue a blog post condemning uncoordinated disclosure and threatening legal action. Nightmare claims Microsoft humiliated them by deleting their MSRC account and withholding payment, vowing a major release on July 14.
- Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft has released a mitigation for the YellowKey BitLocker bypass vulnerability, which is tracked as CVE-2026-45585 and carries a CVSS score of 6.8. The vulnerability is a security feature bypass in Windows. Microsoft publicly disclosed the issue last week.
- Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a Windows BitLocker zero-day vulnerability that grants access to protected drives. The vulnerability is a recently disclosed issue affecting Windows. Microsoft's mitigation aims to protect users from potential exploits.
- Windows Zero-Day Barrage Continues After Patch Tuesday
A security researcher has disclosed multiple Windows zero-day vulnerabilities over six weeks, including YellowKey, GreenPlasma, and MiniPlasma, adding to the growing list of security concerns. These disclosures highlight ongoing security issues with Windows. The vulnerabilities pose a significant risk to users.
- One of many reasons why you don't want to store your keys on a computer or server: Microsoft secretly built a backdoor into BitLocker
A security researcher known as Nightmare-Eclipse discovered a backdoor in Microsoft's BitLocker, which can be exploited using the YellowKey vulnerability to bypass full-volume encryption. The researcher claims that this backdoor was intentionally introduced by Microsoft. The vulnerability can be used to access encrypted data without passwords.
- Zero-day exploit completely defeats default Windows 11 BitLocker protections
A zero-day exploit named YellowKey can bypass default Windows 11 BitLocker protections, allowing access to an encrypted drive within seconds. The exploit was published by a researcher known as Nightmare-Eclipse and targets Microsoft's full-volume encryption protection. This exploit is significant as BitLocker is a mandatory protection for many organizations.
- Microsoft BitLocker – YellowKey zero-day exploit
A zero-day exploit known as YellowKey has been demonstrated, allowing access to Microsoft BitLocker protected drives using just a few files on a USB stick. This apparent backdoor raises concerns about the security of BitLocker. The exploit has been discussed on news platforms and forums.
- Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept exploits for two unpatched Microsoft Windows vulnerabilities, named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. The vulnerabilities give access to protected drives. The exploits were released for Windows BitLocker.