Summary
Microsoft released emergency mitigations for a BitLocker bypass vulnerability (CVE-2026-45585) that allows attackers with physical access to access encrypted data via the Windows Recovery Environment.
Take Action:
To protect against the YellowKey physical bypass attack switch your BitLocker configuration from TPM-only to TPM+PIN configuration. Relying on hardware-only secrets is no longer sufficient when the boot process itself can be manipulated. IT teams should also manually modify their WinRE images to remove the autofstx.exe entry from the registry until Microsoft releases an official, permanent patch.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)