A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

YellowKey exploit bypasses BitLocker full volume encryption via USB stick and WinRE

A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The researcher described YellowKey as one of the most "insane" flaws they have ever encountered and has also accused Microsoft of potentially embedding a legitimate backdoor in BitLocker's data protection system.

According to the researcher, YellowKey appears unusual for a previously unknown security bug. Nightmare-Eclipse explained that the flaw can be reproduced by copying an attached "FsTx" folder to a USB drive formatted with a Windows-compatible file system such as NTFS, FAT32, or exFAT.

The vulnerability may also work without a USB drive if the FsTx files are copied to the Windows EFI partition and the encrypted disk is temporarily disconnected from the system. After placing the FsTx folder, an attacker would need to reboot a BitLocker-protected machine, enter the Windows Recovery Environment, and follow a specific sequence of inputs.

If the procedure is completed correctly, a command shell reportedly appears, granting unrestricted access to BitLocker-protected volumes. No passwords are required, and the encrypted data may become fully accessible for browsing, copying, and other file operations.

Piousbox

A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

YellowKey exploit bypasses BitLocker full volume encryption via USB stick and WinRE

Related Articles

AI Is Technology, Not a Product

“Too Dangerous to Release” — Or Just Too Expensive? The Real Reason Anthropic Is Hiding Its Most Powerful AI

Google Broke reCAPTCHA for De-Googled Android Users (2)