CVE-2026-45585 – BitLocker (Windows 11 Version 24H2)

CVSS 6.8 MODERATE

“When disk encryption can be bypassed with physical access, a lost device can become a direct path to exposed business data.”

Windows BitLocker contains a security feature bypass vulnerability publicly referred to as “YellowKey.” The issue may allow an attacker with physical access to a target system to bypass BitLocker Device Encryption and gain access to encrypted data. Microsoft states that proof-of-concept code is public, exploitation is more likely, and mitigation guidance is available until a security update is released.

CVSS Score: 6.8

SEVERITY: Important

THREAT:
This vulnerability threatens the confidentiality, integrity, and availability of encrypted systems. An attacker with physical access could bypass BitLocker protections and access data that organizations expect to remain protected at rest.

EXPLOITS:
This vulnerability has been publicly disclosed. Microsoft reports that proof-of-concept exploit code is available, but active exploitation has not been observed. Exploitation is assessed as “More Likely.”

TECHNICAL SUMMARY:
The vulnerability is linked to CWE-77, improper neutralization of special elements used in a command, also known as command injection. The issue affects Windows BitLocker protection through the Windows Recovery Environment path. Microsoft’s mitigation guidance includes modifying the mounted WinRE image, removing the autofstx.exe entry from the BootExecute value, recommitting WinRE, and reestablishing BitLocker trust. A successful attacker could bypass BitLocker Device Encryption on the system storage device.

EXPLOITABILITY:
Affected software is Windows BitLocker. Exploitation requires physical access to the target device, but no privileges and no user interaction are required.

BUSINESS IMPACT:
This vulnerability is dangerous for organizations that rely on BitLocker to protect laptops, workstations, and mobile endpoints. Stolen or lost devices could expose sensitive files, credentials, customer records, intellectual property, or regulated data. The presence of public PoC code increases the risk that attackers may attempt to reproduce the bypass.

WORKAROUND:
Apply Microsoft’s mitigation guidance. Organizations can update the WinRE image by removing autofstx.exe from the BootExecute value, then recommit WinRE and reestablish BitLocker trust. Adding a BitLocker startup PIN using PowerShell, command line, Control Panel, Intune, or Group Policy can also help protect affected systems.
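As an added illustration of the two defensive actions the summary and workaround above describe (checking the WinRE image's BootExecute value for autofstx.exe, and adding a TPM+PIN startup protector), the following PowerShell is example code written for this page, not Microsoft's mitigation script or the advisory's own. It assumes an elevated session on the affected host, that `reagentc /disable` has already placed winre.wim at the default path used below (adjust `$WinReWim` if `reagentc /info` reports another location), and that the offline hive's default control set is ControlSet001; the audit mounts the image read-only and changes nothing, so the actual WinRE edit and re-establishing BitLocker trust remain steps to perform per Microsoft's guidance.

```powershell
# Added example, not Microsoft's or the advisory's own script (see assumptions in lead-in).
$WinReWim = 'C:\Windows\System32\Recovery\winre.wim'   # assumed default location
$MountDir = 'C:\WinREMount'                            # assumed scratch directory
$HiveName = 'WinRE_SYSTEM'                             # temporary name for the offline hive

function Test-WinReBootExecute {
    # Mounts winre.wim read-only, loads its offline SYSTEM hive and reports
    # the BootExecute entries, flagging any that reference autofstx.exe.
    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    Mount-WindowsImage -ImagePath $WinReWim -Index 1 -Path $MountDir -ReadOnly | Out-Null
    try {
        reg.exe load "HKLM\$HiveName" "$MountDir\Windows\System32\config\SYSTEM" | Out-Null
        try {
            # Offline hives have no CurrentControlSet link; ControlSet001 is assumed here
            $key     = "HKLM:\$HiveName\ControlSet001\Control\Session Manager"
            $entries = (Get-ItemProperty -Path $key -Name BootExecute).BootExecute
            [pscustomobject]@{
                BootExecute     = $entries
                AutofstxPresent = [bool]($entries | Where-Object { $_ -match 'autofstx' })
            }
        } finally {
            [gc]::Collect()   # release provider handles so the hive can be unloaded
            reg.exe unload "HKLM\$HiveName" | Out-Null
        }
    } finally {
        Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    }
}

function Add-StartupPin {
    param([Parameter(Mandatory)][securestring]$Pin, [string]$MountPoint = 'C:')
    # These FVE policy values mirror the "Require additional authentication at
    # startup" Group Policy setting; UseTPMPIN = 1 means a PIN is required with the TPM.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN -Value 1 -Type DWord
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.KeyProtector.KeyProtectorType -contains 'TpmPin') {
        return 'TpmPin protector already present'
    }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    return 'TpmPin protector added'
}

Test-WinReBootExecute | Format-List
Add-StartupPin -Pin (Read-Host -Prompt 'New startup PIN' -AsSecureString)
```

Run the audit again after applying Microsoft's WinRE change to confirm AutofstxPresent reports False; the Get-BitLockerVolume output afterwards should list a TpmPin protector alongside the recovery password.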

URGENCY:
This patch or mitigation should be prioritized because the vulnerability is publicly disclosed, proof-of-concept code is available, and exploitation is considered more likely. Systems that depend on BitLocker for lost-device protection face direct risk if attackers gain physical access.

Key Details

Affected Product: Microsoft Windows 11 24H2
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
CWE Classification: CWE-77