Vulnerability | Bleeping Computer
7.8 — HIGH
Microsoft shares mitigation for YellowKey Windows zero-day
Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
A Windows zero-day vulnerability, YellowKey (CVE-2026-45585), has been disclosed and is being exploited in attacks. Microsoft has shared mitigations for the flaw.
⚙️Technical Details
Affected Systems
Windows
Attack Vectors
PHYSICAL
💥Impact Assessment
Severity: MEDIUM
Who Is at Risk
Customers with Windows devices that have BitLocker enabled
🛡️Recommended Actions
1. Remove the autofstx.exe entry from the Session Manager's BootExecute REG_MULTI_SZ value
2. Configure BitLocker on already encrypted devices to TPM+PIN mode
3. Enable the 'Require additional authentication at startup' option via Microsoft Intune or Group Policies
📦Affected Products
Microsoft Defender Antimalware Platform
🔐NVD Verified Data (VERIFIED)
CVE-2026-33825: CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-1220
Affected Products (CPE)
Microsoft Defender Antimalware Platform
CVE-2026-45585: CVSS 6.8 — MEDIUM
Attack Vector
PHYSICAL
Complexity
LOW
Vector String
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weaknesses
CWE-77
This is a curated summary. The complete article is available at Bleeping Computer.
