A new zero-day exploit called YellowKey can bypass Windows 11 BitLocker default protection in seconds. The attack works when BitLocker uses TPM-only key storage.
Exploit uses FsTx folder on USB drive
The exploit uses a custom FsTx folder on a USB drive to gain full access to encrypted drives via the Windows Recovery Environment. Security researcher Will Dormann noted that the ability of a directory on one volume to modify contents on another volume is itself a vulnerability.
Using a PIN or BIOS password can mitigate the exploit. Microsoft has stated it is investigating the vulnerability.
The exact mechanism behind the FsTx folder causing the bypass remains unclear. Microsoft has not confirmed a timeline for a fix.



Discussion
0 comments
Log in to join the thread with a thoughtful take, question, or correction.