Microsoft has released a mitigation for the YellowKey vulnerability (CVE-2026-45585), a BitLocker security feature bypass that allows attackers with physical access to circumvent device encryption on affected Windows 11 and Windows Server versions. The exploit uses specially crafted files to spawn an unrestricted shell during recovery mode, granting full access to encrypted data, and Microsoft recommends updating WinRE images and switching from TPM-only to TPM+PIN protection to prevent exploitation.
https://thehackernews.com/2026/05/microsoft-releases-mitigation-for.html

