Microsoft BitLocker – YellowKey zero-day exploit

(tomshardware.com)

41 points | by cookiengineer 1 hour ago

6 comments

  • AnonC 1 hour ago
    The BitLocker exploit seems simple and very dangerous. Companies and individuals have been relying on BitLocker to protect information if the device is lost. Despite promises, Microsoft doesn’t seem to be serious about security.

    What will it take for more companies to truly understand their risks with Windows and being locked into Microsoft’s platforms?

    • ranger_danger 48 minutes ago
      How does a bug equate to "not serious about security"?
      • navigate8310 41 minutes ago
        There's no way this is not a backdoor
      • forestry 20 minutes ago
        The blog author calls it that but given there’s no root cause yet it’s foolish to jump to conclusions.
      • Our_Benefactors 40 minutes ago
        Read the article. It’s pretty clear that this is a backdoor, and calling it a bug would be so generous as to be misleading.
        • forestry 17 minutes ago
          *in your opinion.
  • ungreased0675 1 hour ago
    Remarkable. Does MS take a huge reputational hit for having a backdoor, or are they so essential to most places this won’t matter?
    • charcircuit 4 minutes ago
      It's not an actual backdoor. An attacker found a way to exploit Windows on the lockscreen after booting it up in this recovery mode.
    • peroids 1 hour ago
      I’m assuming the EU speeds up the uncoupling because of some of this.
    • ranger_danger 49 minutes ago
      As far as I can tell, there's no concrete evidence that it is actually an intentional "backdoor."
      • skeptic_ai 4 minutes ago
        lol it’s an obvious backdoor. No way a security system would ever allow this blatant workaround to bypass all encryption. Backdoor is the only answer
  • bombcar 48 minutes ago
    How is this even possible, backdoor or no? Isn't the whole point of this type of encryption that even a compromised machine can't decrypt without the passphrase? If this works it means that the key is stored unencrypted somewhere?
    • majorchord 19 minutes ago
      Most setups only have the key stored in the TPM, so all you need to get it back is a signed/trusted bootloader.

      Ideally you'd want that key to be further protected with a password or some other mechanism because it's not impossible to extract TPM keys.

    • andrecarini 25 minutes ago
      Presumably the key is stored in the TPM
  • ranger_danger 44 minutes ago
    For those who use password (not PIN) based pre-boot authentication with BitLocker... do we know if that setup is safe?

    I can't imagine there would be a way to bypass that if a password is required, unless it was a situation where like, there was originally some secret secondary key made that needs no password... or the password was never tied to the key in the first place.

    • andrecarini 23 minutes ago
      The exploit developer themselves say [1] TPM+PIN is vulnerable, though no public PoC.

      [1]: https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...

      • forestry 19 minutes ago
        I’m skeptical of that claim. The key material presumably is inaccessible even to the OS without the passcode.
        • ranger_danger 5 minutes ago
          > presumably

          That's the thing, we don't actually know how involved the PIN is in relation to the key... it might be completely separate (and hence bypassable).

          Similarly I also wonder if password-based pre-boot auth is affected.
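
The sub-threads above turn on one configuration question: whether the volume master key is sealed to the TPM alone (so any trusted boot chain can unseal it) or also gated by a PIN, startup key or password. The script below is an added example, not code from the thread, the linked blog or Microsoft. It lists the key protectors on every BitLocker volume, flags OS volumes that are TPM-only, and can optionally swap the TPM-only protector for TPM+PIN. It assumes the built-in BitLocker PowerShell module (Get-BitLockerVolume and friends), the documented KeyProtectorType enum names, and the FVE policy registry value names UseAdvancedStartup, UseTPM and UseTPMPIN; treat those names as assumptions if your build reports something else. Given the thread's claim that TPM+PIN may also be affected, this is hygiene against the TPM-only case the commenters describe, not a fix for the reported exploit.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread, the blog or Microsoft). Assumes the
# BitLocker module is present and the KeyProtectorType / FVE policy names
# below match your Windows build.

param(
    # With -Remediate, TPM-only OS volumes are switched to TPM+PIN.
    [switch]$Remediate
)

# Protector types that release the volume master key only after the user
# presents a secret or token at boot (assumed enum names).
$userGated = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password', 'ExternalKey')

# Adding a TPM+PIN protector fails unless policy permits a startup PIN:
# UseAdvancedStartup=1 and UseTPMPIN in {1 = require, 2 = allow}.
# UseTPM=0 additionally forbids creating new TPM-only protectors. (assumed)
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$pinAllowed = ($fve.UseAdvancedStartup -eq 1) -and ($fve.UseTPMPIN -in 1, 2)
if (-not $pinAllowed) {
    Write-Warning 'Policy does not permit a startup PIN; remediation will be skipped.'
}

foreach ($vol in Get-BitLockerVolume) {
    $protectors = @($vol.KeyProtector)
    $types      = @($protectors | ForEach-Object { [string]$_.KeyProtectorType })

    # A bare 'Tpm' protector means the measured boot chain alone unseals the
    # key: nothing the user knows stands between an attacker and plaintext.
    $tpmOnly     = ($types -contains 'Tpm') -and -not @($types | Where-Object { $_ -in $userGated })
    $hasRecovery = $types -contains 'RecoveryPassword'

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeType       = $vol.VolumeType
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($types -join ',')
        TpmOnly          = $tpmOnly
        HasRecoveryPass  = $hasRecovery
    }

    if ($Remediate -and $tpmOnly -and $pinAllowed -and $vol.VolumeType -eq 'OperatingSystem') {
        if (-not $hasRecovery) {
            # Never touch protectors on a volume you cannot recover.
            Write-Warning "$($vol.MountPoint): no recovery password protector; refusing to change protectors."
            continue
        }
        $pin = Read-Host -Prompt "Startup PIN for $($vol.MountPoint)" -AsSecureString

        # A volume holds one TPM-based protector at a time, so remove the
        # TPM-only protector first, then add TPM+PIN. If the second step
        # fails, the recovery password checked above still unlocks the volume.
        $tpmId = ($protectors | Where-Object { [string]$_.KeyProtectorType -eq 'Tpm' }).KeyProtectorId
        Remove-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $tpmId | Out-Null
        Add-BitLockerKeyProtector    -MountPoint $vol.MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
        Write-Host "$($vol.MountPoint): replaced TPM-only protector with TPM+PIN; reboot to confirm the PIN prompt appears."
    }
}
```

Run it without arguments first and read the TpmOnly column; run with -Remediate only after confirming a recovery password is escrowed somewhere other than the disk being protected. The policy check is deliberately up front: removing the TPM protector and then failing to add TPM+PIN would leave the machine asking for the recovery key on every boot.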