How To Mitigate The Microsoft Windows BitLocker ‘Angry Hacker’ 0-Day
Microsoft said the flaw can let attackers reach BitLocker-protected drives and urged admins to apply workarounds before a security update arrives.
- On Tuesday, Microsoft issued guidance for the 'YellowKey' Windows BitLocker vulnerability, which allows unauthorized access to protected drives using a malicious USB key.
- Last week, an anonymous researcher known as 'Nightmare Eclipse' disclosed the flaw, publishing a proof-of-concept exploit that describes the issue as a "backdoor".
- To mitigate YellowKey attacks, Microsoft advised removing the FsTx Auto Recovery Utility entry and configuring 'TPM+PIN' mode. "Specifically, you prevent the FsTx Auto Recovery Utility, autofstx.exe, from automatically starting," Will Dormann, principal vulnerability analyst at Tharros, explained.
- Organizations should treat this as an active threat, Neena Sharma, a cybersecurity specialist at Filigran, advised, recommending "compensating controls like restricting USB boot access".
- Alongside YellowKey, Microsoft is tracking other recent zero-day flaws, including BlueHammer and RedSun, both now being exploited in attacks. Users may wait for the security update or apply PIN protections if their risk profile demands immediate action.
10 Articles
YellowKey: The Unpatched BitLocker Bypass Hidden in Windows Recovery
A stolen Windows 11 laptop and a USB stick are enough to read a BitLocker-encrypted drive using nothing but Microsoft’s own recovery tools, and the researcher is holding back a follow-on attack that also defeats the startup PIN defenders are scrambling to enable in response. Special thanks to Stas Lyakhov and John Loucaides for contributions. What is the vulnerability? YellowKey is a BitLocker bypass disclosed in May 2026 by a researcher operatin…
Microsoft issues YellowKey mitigation, no patch yet
Pierluigi Paganini, May 20, 2026. Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. T…
Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass
The exploitation is mitigated by preventing the FsTx Auto Recovery Utility from starting when the WinRE image launches. The post Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker Bypass appeared first on SecurityWeek.
Microsoft has mitigated a zero-day vulnerability in BitLocker that was identified by a security researcher discontented with the company's processes, after he published a proof of concept.
Coverage Details
Bias Distribution
- 100% of the sources are Center



