Microsoft confirmed a new physical attack vector against BitLocker-encrypted drives on May 20, 2026, assigning it CVE-2026-45585 and urging immediate mitigation. Dubbed “YellowKey,” the bypass exploits the Windows Recovery Environment to extract volume master keys from memory, rendering full-disk encryption useless on unpatched Windows 11 and Windows Server 2025 systems.
What YellowKey Unlocked
Security researcher Alexei Volkov of Neodyme Labs first demonstrated YellowKey at Nullcon Goa 2026. The attack does not attempt to brute-force the BitLocker password or decrypt the disk directly. Instead, it abuses a design weakness in how WinRE handles BitLocker recovery mode. When a machine boots into WinRE – either intentionally or through a forced error – the recovery environment automatically mounts BitLocker drives by retrieving the VMK from the TPM or from pre‑cached memory. YellowKey tricks WinRE into exporting that key to a controlled device over a USB or network connection.
This means an attacker with just a few minutes of physical access can extract the full volume encryption key without any knowledge of the user’s PIN or recovery password. The technique works regardless of whether TPM-only or TPM+PIN protectors are configured, though TPM+PIN does slightly complicate the attack chain, as we’ll explore later.
Technical Breakdown: How WinRE Became a Weak Link
Windows Recovery Environment is a minimal OS that runs from a separate partition, normally used for troubleshooting and system repair. By design, WinRE must be able to access the main Windows volume to perform repairs, so it contains the BitLocker recovery agent that can unlock the drive using the TPM or a supplied recovery key. The flaw resides in the recovery agent’s failure to validate the origin of unlock requests when WinRE is started from external media or through certain firmware manipulation.
Volkov’s proof-of-concept uses a bootable USB stick that points the system to a modified WinRE image. That image runs a tool called DislockerSiphon, which impersonates a legitimate recovery tool and calls the BitLocker API to unlock the system drive. Because the TPM releases the storage root key to any properly signed bootloader, and WinRE’s integrity is not fully enforced outside of Secure Boot’s normal chain, DislockerSiphon gains access to the VMK. The tool then exfiltrates the key via USB serial or a small network payload, leaving no trace on the disk.
Microsoft’s advisory notes that the vulnerability is classed as “Important” with a CVSS score of 7.8, because it requires physical access and the ability to interrupt the boot process. However, the low skill ceiling – the attack can be fully scripted and requires no soldering or memory probing – makes it particularly dangerous for laptops and servers in untrusted locations.
Affected Systems and Patch Availability
The following configurations are confirmed vulnerable:
| Product | Builds affected | Patched in KB |
|---|---|---|
| Windows 11 24H2 (all editions) | 10.0.26100.x before May 2026 cumulative | KB5045523 |
| Windows 11 23H2 | 10.0.22631.x before May 2026 cumulative | KB5045520 |
| Windows Server 2025 | All builds prior to update | KB5045530 |
| Windows Server 2022 | Not affected (limited WinRE exposure) | – |
These patches, part of the May 2026 Security‑only and Monthly Rollup updates, modify the BitLocker recovery agent to require a cryptographic challenge when external media attempt to invoke the unlock API. Additionally, they strengthen Secure Boot policy to block known tampered WinRE images. Microsoft recommends deployment via Windows Update, WSUS, or the Microsoft Update Catalog immediately.
Notably, Windows 10 systems are not listed as affected because their WinRE architecture lacks the automated drive‑unlock path used in newer releases. Windows Server 2025 receives the same patches as the Windows 11 24H2 codebase.
Immediate Mitigation Without Patches
For organizations that cannot patch instantly, Microsoft provides two high‑impact workarounds:
- Disable or remove the WinRE partition. This is the strongest mitigation and can be done via `reagentc /disable`. However, it also prevents access to recovery tools, so alternative boot media must be prepared for system repairs.
- Enable BitLocker Network Unlock with TPM+PIN. Network Unlock fetches the VMK from a WDS server on trusted corporate networks, bypassing the local recovery agent entirely. Combined with a pre‑boot PIN, it makes the attack significantly harder, because even if WinRE is triggered, the TPM will not release the key without the PIN – but only if the attacker cannot capture the PIN during boot.
Detailed step‑by‑step guidance is available in Microsoft KB5045524.
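The following is an added example, not code from the article or from Microsoft's KB5045524 guidance, showing how an administrator would apply and verify the first workaround (disabling WinRE) in a controlled way: read the current state with `reagentc /info`, confirm the recovery image sits on its own volume, and only then run `reagentc /disable` and re-check. Only the documented `reagentc` switches `/info`, `/disable` and `/enable` are used; the output-line labels matched below are the ones `reagentc` prints on English-language systems (assumption: other locales need adjusted patterns). Run from an elevated PowerShell session.

```powershell
# Added example (not the article's or Microsoft's code): inspect WinRE and apply
# the "disable WinRE" workaround with verification. Elevated session required.

function Get-WinReState {
    # Run reagentc /info and pull out the status and location lines.
    $lines = & reagentc.exe /info 2>&1 | ForEach-Object { "$_" }
    $state = [pscustomobject]@{
        Enabled  = $null
        Location = $null
        Raw      = ($lines -join [Environment]::NewLine)
    }
    foreach ($line in $lines) {
        # Assumption: English output labels "Windows RE status:" / "Windows RE location:".
        if ($line -match '^\s*Windows RE status:\s*(\S+)')   { $state.Enabled  = ($Matches[1] -eq 'Enabled') }
        if ($line -match '^\s*Windows RE location:\s*(.*)$') { $state.Location = $Matches[1].Trim() }
    }
    if ($null -eq $state.Enabled) { throw "Could not parse reagentc /info output:`n$($state.Raw)" }
    return $state
}

function Test-WinReOnSeparateVolume {
    # The article's health check: a healthy WinRE lives on its own partition, not under
    # \Windows\System32\Recovery, which is where reagentc /disable parks the image.
    param([string]$Location = '')
    return ($Location -ne '' -and $Location -notmatch '\\Windows\\System32\\Recovery')
}

function Invoke-WinReDisableWorkaround {
    # Apply the workaround only after confirming the current state, then verify it took.
    param([switch]$WhatIf)
    $before = Get-WinReState
    if (-not $before.Enabled) {
        Write-Host "WinRE is already disabled; nothing to do."
        return $before
    }
    Write-Host "WinRE is enabled at: $($before.Location)"
    if ($WhatIf) {
        Write-Host "WhatIf: would run 'reagentc /disable'. Prepare alternative repair media first."
        return $before
    }
    & reagentc.exe /disable | Out-Null
    $after = Get-WinReState
    if ($after.Enabled) { throw "reagentc /disable did not take effect:`n$($after.Raw)" }
    Write-Host "WinRE disabled. After patching, restore it with 'reagentc /enable'."
    return $after
}

# Usage: report first, then decide.
$state = Get-WinReState
"WinRE enabled: $($state.Enabled); on separate volume: $(Test-WinReOnSeparateVolume -Location ([string]$state.Location))"
# Invoke-WinReDisableWorkaround -WhatIf   # dry run
# Invoke-WinReDisableWorkaround           # apply the workaround
```

Keep the `Raw` output from the pre-change state in your change record: it contains the original WinRE location, which is useful when you re-enable recovery after the May 2026 update is installed.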
The TPM+PIN Advantage – with a Caveat
Systems using TPM+PIN as a protector are not immune to YellowKey, but they require the attacker to first obtain the user’s PIN. Without it, the TPM will not unseal the storage root key, even in WinRE. This turns a walk‑by attack into a two‑phase operation that could involve shoulder‑surfing, keyboard logging, or a PIN‑brute‑force attempt (limited by TPM lockout policies). In practice, this extra layer raises the bar enough that YellowKey becomes impractical against vigilant users.
Configuration tips to maximize TPM+PIN protection:
- Set a minimum PIN length of 8 digits via Group Policy (`Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives > Configure minimum PIN length for startup`).
- Enable enhanced PIN rules to allow alphanumeric characters, which drastically increases entropy.
- Deploy TPM lockout policies to thwart PIN guessing.
- If your organization uses Windows Hello for Business, enforce TPM‑bound PIN as the logon credential to maintain consistency.
Remember that TPM+PIN alone will not stop YellowKey on unpatched systems if the attacker already knows the PIN. Patching remains essential.
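As an added example (not from the article or from Microsoft), the script below applies the two PIN policy tips on a single machine and moves an OS volume from a TPM-only protector to TPM+PIN, refusing to proceed unless a recovery password protector already exists. Assumptions: the values written under `HKLM\SOFTWARE\Policies\Microsoft\FVE` (`MinimumPIN`, `UseEnhancedPin`) are the registry-backed equivalents of the listed Group Policy settings, so in a domain you would set them through a GPO instead; the BitLocker PowerShell module is available; the session is elevated.

```powershell
# Added example (not the article's or Microsoft's code): PIN policy plus TPM-only -> TPM+PIN switch.
Import-Module BitLocker

$Fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'   # assumption: local policy store for BitLocker settings

function Set-BitLockerPinPolicy {
    param([int]$MinimumPinLength = 8)
    if (-not (Test-Path $Fve)) { New-Item -Path $Fve -Force | Out-Null }
    # "Configure minimum PIN length for startup"
    Set-ItemProperty -Path $Fve -Name MinimumPIN -Type DWord -Value $MinimumPinLength
    # "Allow enhanced PINs for startup": alphanumeric PINs, much higher entropy than digits only.
    Set-ItemProperty -Path $Fve -Name UseEnhancedPin -Type DWord -Value 1
    return Get-ItemProperty -Path $Fve | Select-Object MinimumPIN, UseEnhancedPin
}

function Convert-ToTpmPinProtector {
    param(
        [string]$MountPoint = 'C:',
        [Parameter(Mandatory)][securestring]$Pin,
        [int]$MinimumPinLength = 8
    )
    if ($Pin.Length -lt $MinimumPinLength) {
        throw "PIN is shorter than the $MinimumPinLength-character minimum."
    }
    $protectors = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector
    $types = @($protectors.KeyProtectorType)
    if ('TpmPin' -in $types) { return $types }   # already done

    # Never leave the volume with no way back in: require an escrowed recovery password first.
    if ('RecoveryPassword' -notin $types) {
        throw "No recovery password protector on $MountPoint; add and escrow one before changing TPM protectors."
    }

    # Only one TPM-based protector may exist per volume, so remove the TPM-only one first.
    $tpmOnly = $protectors | Where-Object KeyProtectorType -eq 'Tpm'
    foreach ($p in $tpmOnly) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    try {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    } catch {
        # Roll back so the machine still boots unattended if the TPM+PIN add failed.
        if ($tpmOnly) { Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null }
        throw
    }

    $after = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector.KeyProtectorType)
    if ('TpmPin' -notin $after -or 'Tpm' -in $after) {
        throw "Protector switch on $MountPoint did not complete; protectors now: $($after -join ',')"
    }
    return $after
}

# Usage: set policy before creating the protector, since the enhanced-PIN rule is
# evaluated when the TPM+PIN protector is added.
Set-BitLockerPinPolicy -MinimumPinLength 8
$pin = Read-Host -Prompt 'New startup PIN (8+ characters)' -AsSecureString
Convert-ToTpmPinProtector -MountPoint 'C:' -Pin $pin
```

Verify with a reboot: the machine must now prompt for the PIN before Windows starts, and `manage-bde -status C:` should list a TPM And PIN protector and no plain TPM protector.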
Securing WinRE Going Forward
Beyond the immediate patch, IT administrators should treat WinRE as a high‑value attack surface. Best practices include:
- Separating the recovery partition from the OS disk on physical servers, putting it on a removable drive that is locked away.
- Using Unified Write Filter (UWF) to prevent persistent tampering of the WinRE image.
- Monitoring boot integrity logs via Windows Defender System Guard and the Microsoft Azure Attestation (MAA) service to detect unauthorized WinRE loads.
- Regularly reviewing BitLocker recovery events in Event Viewer (Application and Services Logs > Microsoft > Windows > BitLocker‑API) for anomalous unlock requests.
For home users and small businesses, the simplest approach is to apply the update, verify that Secure Boot is enabled, and confirm that the WinRE partition is healthy and up‑to‑date by running `reagentc /info` and checking that it is enabled and located on a separate, protected volume.
Community Reaction and Real‑World Impact
On Windows News Forums, enthusiasts and system administrators shared early findings before Microsoft’s official advisory. A user named “CryptoShield” noted that even a BIOS‑locked laptop could be compromised by using the motherboard’s recovery jumper to force a WinRE boot. Another commenter reported that servers running Hyper‑V with shielded VMs were only partially protected, because the physical TPM still released the host’s VMK, potentially exposing all encrypted VMs.
The incident has reignited debates about BitLocker’s resilience against physical attacks and whether Microsoft should finally deprecate TPM‑only protectors. Security architect Jen Marsden, in a whitepaper on windowsnews.ai, argued: “YellowKey is a wake‑up call. Organizations that treat BitLocker as a compliance checkbox must now layer pre‑boot authentication and network unlock. The days of ‘encrypt and forget’ are over.”
What Comes Next
Microsoft has added YellowKey detection capabilities to Defender for Endpoint, with a new alert titled “Suspicious WinRE‑initiated BitLocker unlock.” Enterprise customers will see this in the security portal under the “Tampering” category. Further hardening of WinRE is expected in Windows 11 25H2, where the recovery environment will run in a more restricted container, preventing direct access to the BitLocker API from external processes.
In the interim, the company reminds customers that BitLocker remains a strong defense against offline attacks when properly configured. The YellowKey bypass does not affect systems that use a startup key stored on a USB drive, because that protector never relies on the TPM. However, startup keys introduce their own theft risks and are not suitable for servers.
Actionable Takeaways
If you manage Windows 11 or Windows Server 2025 machines, do the following:
- Install the May 2026 updates immediately – KB5045523 / KB5045520 / KB5045530 depending on your edition.
- Audit existing BitLocker protectors with `manage-bde -status`, and switch any TPM‑only volumes to TPM+PIN.
- Secure the recovery partition by either disabling WinRE altogether or relocating it to a trusted medium.
- Enable enhanced PIN policies to the highest practical complexity.
- Monitor for YellowKey attacks via Defender for Endpoint or custom Windows Event Forwarding rules.
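The read-only audit below is an added example, not code from the article, Microsoft or Defender for Endpoint. It covers the checks named in the "Securing WinRE Going Forward" list and in the takeaways above: whether one of the listed May 2026 KBs is installed, Secure Boot state, a protector inventory that flags TPM-only OS volumes, and the last week of BitLocker-API management events, emitted as JSON that a Windows Event Forwarding collector or SIEM pipeline can ingest. Assumptions: the KB numbers are the ones in the article's table; the event channel `Microsoft-Windows-BitLocker/BitLocker Management` is the "Management" log shown under BitLocker-API in Event Viewer; no specific event IDs are assumed, so the filter is by channel and time only; the session is elevated.

```powershell
# Added example (not the article's or Microsoft's code): host audit for the YellowKey checklist.
Import-Module BitLocker

$YellowKeyKbs = 'KB5045523', 'KB5045520', 'KB5045530'   # KB numbers from the article's table

function Get-YellowKeyPatchState {
    # Any of the three KBs present means the WinRE recovery-agent fix is installed.
    $installed = Get-HotFix | Where-Object { $_.HotFixID -in $YellowKeyKbs } |
        Select-Object -ExpandProperty HotFixID
    [pscustomobject]@{ Patched = [bool]$installed; Kb = ($installed -join ',') }
}

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy BIOS / non-UEFI firmware; treat that as "off".
    try { Confirm-SecureBootUEFI } catch { $false }
}

function Get-ProtectorFindings {
    # Inventory every BitLocker volume and flag the TPM-only configuration the article warns about.
    foreach ($v in Get-BitLockerVolume) {
        $types = @($v.KeyProtector.KeyProtectorType)
        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = [string]$v.VolumeType
            Status     = [string]$v.ProtectionStatus
            Protectors = ($types -join ',')
            TpmOnly    = ('Tpm' -in $types -and 'TpmPin' -notin $types)
        }
    }
}

function Get-RecentBitLockerEvents {
    # Pull recent BitLocker-API management events; review unlock/recovery entries you did not expect.
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } }
}

function Get-YellowKeyAuditReport {
    [pscustomobject]@{
        Host       = $env:COMPUTERNAME
        Patch      = Get-YellowKeyPatchState
        SecureBoot = Get-SecureBootState
        Volumes    = @(Get-ProtectorFindings)
        Events     = @(Get-RecentBitLockerEvents -Days 7)
    }
}

# Usage: emit JSON for collection; anything with Patched=false, SecureBoot=false or TpmOnly=true
# belongs at the top of the remediation queue.
Get-YellowKeyAuditReport | ConvertTo-Json -Depth 4
```

The event export deliberately records every management event rather than guessing at IDs: once you have a baseline of normal unlock activity from your fleet, a WinRE-initiated unlock outside a maintenance window stands out in the collector even before the Defender for Endpoint alert fires.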
Physical access attacks are never fully eliminable, but YellowKey shows that a few configuration changes and a timely patch can close a yawning gap in even the most widely deployed drive encryption solution.