YellowKey – BitLocker Bypass via Windows Recovery Environment (WinRE) Zero-Day
Scope: Windows 11, Windows Server 2022 and 2025
Severity: Red
The same researcher behind GreenPlasma has also released a proof-of-concept for YellowKey, an unpatched, physical-access BitLocker bypass in the Windows Recovery Environment (WinRE) that the researcher describes as "one of the most insane discoveries I've ever found" and likens to a deliberate backdoor. According to the disclosure, an attacker with physical access to a BitLocker-protected device copies specially crafted FsTx files to a USB drive or the EFI partition, reboots into WinRE, holds a specific key combination, and is dropped into a command shell with the encrypted OS volume already unlocked: no recovery key, no user password and no further exploitation is required. The bypass depends on WinRE being a trusted part of the boot chain: with a TPM-only protector the TPM releases the volume key automatically when WinRE boots, which is why "Reset this PC" works without a recovery key and why a pre-boot PIN matters, since the key is then not released until the PIN (or the recovery key) is entered. Microsoft has issued no patch. Until one is available, organizations should disable WinRE on sensitive endpoints that do not need it (accepting the loss of Reset this PC and Startup Repair on those machines), move TPM-only volumes to TPM+PIN pre-boot authentication so that an unattended WinRE boot no longer unlocks the OS volume, and monitor MSRC for an emergency release.
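The following PowerShell script is an added example for administrators applying the two interim mitigations above; it is not part of the advisory and not code from the researcher or from Microsoft. It audits whether an endpoint is in the exposed configuration (WinRE enabled and the OS volume protected by TPM only) and, when asked, disables WinRE and converts the volume to TPM+PIN. It assumes an elevated Windows PowerShell session on Windows 11 or Server 2022/2025, that the OS volume is C:, that the BitLocker module is installed, and that the endpoint can escrow its recovery password to AD DS; the FVE registry values it writes are the ones behind the "Require additional authentication at startup" policy as this editor knows them (UseTPM 0 = do not allow TPM-only, UseTPMPIN 1 = require PIN with TPM), so verify them against your policy baseline before deployment.

```powershell
# Added example (not from the advisory): audit and mitigate a BitLocker endpoint
# against a physical-access WinRE bypass. Run from an elevated PowerShell session.
# Assumptions: OS volume is C:, BitLocker module present, recovery password can be
# escrowed to AD DS. Loss of Reset/Startup Repair is accepted while WinRE is off.
#Requires -RunAsAdministrator
param(
    [string]$MountPoint = 'C:',
    [switch]$DisableWinRE,
    [switch]$EnforceTpmPin
)

function Get-WinREStatus {
    # reagentc /info prints a line such as "Windows RE status:   Enabled"
    $out = (reagentc /info 2>&1) -join "`n"
    if ($out -match 'Windows RE status:\s*(\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Get-OsVolumeProtectors {
    param([string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
        HasTpmOnly       = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')
        HasTpmPin        = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'TpmPin')
    }
}

# 1. Audit: WinRE enabled + TPM-only protector is the configuration the bypass needs,
#    because a trusted WinRE boot receives the volume key without any user secret.
$winre = Get-WinREStatus
$state = Get-OsVolumeProtectors -MountPoint $MountPoint
"WinRE status : $winre"
"Protection   : $($state.ProtectionStatus)"
"Protectors   : $($state.Protectors)"
if ($winre -eq 'Enabled' -and $state.HasTpmOnly -and -not $state.HasTpmPin) {
    Write-Warning "Exposed: WinRE is enabled and $MountPoint unlocks with TPM only (no pre-boot PIN)."
}

# 2. Disable WinRE on endpoints that do not need it
if ($DisableWinRE -and $winre -eq 'Enabled') {
    reagentc /disable
    "WinRE status now: $(Get-WinREStatus)"
}

# 3. Replace the TPM-only protector with TPM+PIN
if ($EnforceTpmPin -and -not $state.HasTpmPin) {
    # BitLocker refuses a PIN protector unless policy allows it. These registry values
    # back the GPO "Require additional authentication at startup" (assumed values:
    # UseAdvancedStartup 1 = enabled, UseTPM 0 = do not allow TPM-only, UseTPMPIN 1 = require PIN).
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPM            -Value 0 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN         -Value 1 -Type DWord

    # Never remove the TPM protector without an escrowed recovery password in place.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
    } catch {
        Write-Warning "Could not escrow recovery password $($rp.KeyProtectorId) to AD DS; escrow it first, then rerun."
        return
    }

    # Remove TPM-only, then add TPM+PIN. The volume stays usable meanwhile because the
    # OS is running with it unlocked and the recovery password remains as a protector.
    $pin = Read-Host -AsSecureString -Prompt 'Enter new pre-boot PIN (6 or more digits)'
    $tpm = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
    if ($tpm) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $tpm.KeyProtectorId | Out-Null
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    Get-OsVolumeProtectors -MountPoint $MountPoint
}
```

Run it without switches first to see the audit result across a fleet, then with `-EnforceTpmPin` on machines whose users can be told the PIN, and with `-DisableWinRE` only where the recovery environment is genuinely not needed; re-enabling later is `reagentc /enable`. After the change, a reboot into WinRE should no longer reach the OS volume without the PIN or the recovery password, which is the condition the bypass relies on.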
The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations above, apply the interim mitigations, and install the vendor update as soon as one is released.