Zero-Day Exploit YellowKey Bypasses Windows 11 BitLocker in Seconds

A new zero-day exploit called YellowKey bypasses Windows 11 BitLocker default protection in seconds using a custom FsTx folder on a USB drive. Microsoft is investigating.

Zero-Day Exploit YellowKey Bypasses Windows 11 BitLocker in Seconds

A new zero-day exploit called YellowKey can bypass 11 BitLocker default protection in seconds. The attack works when BitLocker uses TPM-only key storage.

Exploit uses FsTx folder on USB drive

The exploit uses a custom FsTx folder on a USB drive to gain full access to encrypted drives via the Windows Recovery Environment. Security researcher Will Dormann noted that the ability of a directory on one volume to modify contents on another volume is itself a vulnerability.

Using a PIN or BIOS password can mitigate the exploit. Microsoft has stated it is investigating the vulnerability.

The exact mechanism behind the FsTx folder causing the bypass remains unclear. Microsoft has not confirmed a timeline for a fix.

Discussion

0 comments

Log in to join the thread with a thoughtful take, question, or correction.

Add to the discussion