Nightmare-Eclipse dropped a bombshell on May 12, 2026, publicly releasing YellowKey, a proof-of-concept tool that demonstrably bypasses BitLocker encryption on Windows 11, Windows Server 2022, and Windows Server 2025 systems. The exploit leverages the Windows Recovery Environment (WinRE) to extract volume master keys, effectively unlocking encrypted drives without the user’s password or recovery key. Security researchers are already calling it one of the most significant endpoint protection failures of the year.

YellowKey exploits architectural flaws in how BitLocker interacts with WinRE, the minimal OS environment used for system repair and recovery. By booting into WinRE from a USB drive or network boot, an attacker with physical access can manipulate the pre-boot environment to decrypt the drive. The tool automates the entire process, from mounting the encrypted volume to retrieving the Full Volume Encryption Key (FVEK). Unlike previous attacks that required sophisticated memory forensics or specialized hardware, YellowKey works on fully patched systems with Secure Boot enabled and TPM 2.0 present.

This attack vector isn’t entirely new. Microsoft has patched several WinRE-based BitLocker bypasses in the past, notably CVE-2022-41099, which was addressed in November 2022. That flaw involved a malicious recovery image that could gain access to the encrypted drive during the WinRE boot process. YellowKey, however, sidesteps existing mitigations by exploiting a different chain of trust breakdown. It does not require a custom recovery image; instead, it abuses legitimate WinRE command-line tools to extract the key material directly from the drive. The core issue is that when WinRE boots, it can mount BitLocker-protected volumes if the system’s TPM is accessible. Once mounted, the decryption key is present in memory or can be read from the disk’s metadata, and YellowKey provides a scripted way to grab it.

Detailed technical analysis reveals that YellowKey works by first forcing the machine into WinRE—either via a recovery USB or by corrupting the bootloader to trigger automatic recovery. It then launches a specially crafted PowerShell script that enumerates disk volumes, identifies the encrypted system drive, and uses the built-in manage-bde utility to extract the protector keys. Because WinRE is a separate environment, any multi-factor pre-boot authentication configured in the main OS—such as PINs or startup keys—is bypassed. The TPM, believing that the platform is in a trusted state during recovery, releases the key material without additional checks.

Microsoft has acknowledged the report and is investigating the flaw under the CVE process. In an initial statement, a spokesperson said, "We are deeply committed to the security of our customers and are urgently assessing the situation. We will release a security update as soon as possible." No timeline has been given, but given the severity, an out-of-band patch is likely. For now, the only fully effective workaround is to disable BitLocker on affected systems—a drastic step that most enterprises cannot take. Alternatively, disabling WinRE entirely helps, but that comes with significant trade-offs: system recovery and automatic repair functions are lost, potentially leaving users stranded after major crashes.

The vulnerability affects Windows 11 versions 21H2 through 24H2, Windows Server 2022, and Windows Server 2025. Windows 10 systems with legacy boot configurations are not affected, nor are devices using BitLocker in software-based encryption mode without a TPM. That’s because on those systems, the recovery environment cannot automatically mount encrypted volumes. Virtual machines are also at risk if they use virtual TPM 2.0, though hypervisor-level protections may provide some resilience. Organizations with physical security controls—locked server rooms, surveillance, and strict access policies—face lower risk, but stolen laptops and unsecured workstations remain critically vulnerable.

Analysis by the security firm Eclypsium, which independently confirmed the bypass, shows that YellowKey is frighteningly easy to use. "It took our team less than three minutes from booting into WinRE to having full read access to the encrypted drive," said John Loucaides, senior vice president of strategy. "This is not a side-channel attack or something that requires nation-state resources. Any IT administrator, or even a moderately skilled attacker, can follow the instructions published on GitHub." The proof-of-concept code, released under the MIT license, includes a step-by-step guide and a polished PowerShell module. Within hours of the release, forks and adaptations began appearing, including a version that integrates with common penetration testing frameworks.

The exploitation chain highlights a long-standing tension between security and usability in recovery environments. BitLocker is designed to protect data at rest, but when the system enters recovery mode, it must allow access to the disk to perform repairs. The assumption has been that this mode can only be triggered by an authorized user who can also enter recovery keys. YellowKey breaks that assumption by showing that the TPM-based auto-unlock mechanism does not adequately differentiate between a normal boot and a recovery boot, especially when the recovery tools run with system-level privileges.

Security professionals are urging Microsoft to consider fundamental architectural changes. "We need cryptographic separation between normal OS operations and recovery functions," argued Katie Moussouris, CEO of Luta Security. "The recovery environment should have its own key hierarchy that doesn't simply inherit trust from the TPM. Until that happens, we’ll keep seeing these bypasses." Some researchers suggest that BitLocker should adopt an additional seal when booting into WinRE, such as requiring a separate recovery key that is not stored on the TPM itself.

In the meantime, defenders can take several steps to reduce exposure. First, audit and restrict physical access to Tier 0 devices—domain controllers, certification authority servers, and other high-value targets. Second, ensure that BitLocker recovery keys are stored securely in Active Directory or Azure AD and are not accessible to local administrators. Third, deploy endpoint detection and response (EDR) tools that can alert on suspicious WinRE boots, though by the time an alert fires, the attacker may already possess the keys. Fourth, consider implementing pre-boot authentication for all mobile devices, such as a PIN or biometric; although YellowKey bypasses these in the recovery path, they still add hurdles against other attacks. Finally, monitor the WinRE partition for tampering; any unauthorized changes could signal an impending attack.
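As an added defender-side example (not code from the article, Nightmare-Eclipse or Microsoft), the following PowerShell audit uses the stock BitLocker cmdlets and reagentc to report which protected volumes rely on a TPM-only protector while WinRE is enabled, which is the auto-unlock combination the article describes, and lists the remediation commands that correspond to the workarounds above. The "Exposed" flag is this example's own heuristic, and the script assumes an elevated session on a machine with the BitLocker module installed.

```powershell
# Added audit example (not from the article or any vendor). Requires elevation.
# Reports, per BitLocker volume, the key protector types present, whether the
# volume would auto-unlock on TPM alone, whether a recovery password exists,
# and whether WinRE is enabled.

function Get-WinREState {
    # reagentc /info prints a line such as "Windows RE status: Enabled"
    $info = & reagentc.exe /info 2>&1 | Out-String
    if ($info -match 'Windows RE status:\s*(\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Get-BitLockerExposureReport {
    $winre = Get-WinREState
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # TPM-only means a Tpm protector with no PIN or startup-key variant alongside it
        $multiFactor = @($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })
        $tpmOnly = ($types -contains 'Tpm') -and ($multiFactor.Count -eq 0)
        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            EncryptionMethod    = $vol.EncryptionMethod
            KeyProtectors       = ($types -join ',')
            TpmOnlyAutoUnlock   = $tpmOnly
            HasRecoveryPassword = ($types -contains 'RecoveryPassword')
            WinREStatus         = $winre
            # Heuristic from this example: protection on, TPM-only, WinRE enabled
            Exposed             = ($vol.ProtectionStatus -eq 'On') -and $tpmOnly -and ($winre -eq 'Enabled')
        }
    }
}

Get-BitLockerExposureReport | Format-Table -AutoSize

# Remediation commands matching the workarounds above (each has operational impact):
#   reagentc.exe /disable
#       disables WinRE; automatic repair is lost until re-enabled with /enable
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString 'PIN')
#       replaces the TPM-only protector with TPM+PIN pre-boot authentication
#   Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId '<RecoveryPassword protector Id>'
#       escrows the recovery password to AD DS (use BackupToAAD-BitLockerKeyProtector for Azure AD)
```

Run the report before and after changes; a row with Exposed set to True and HasRecoveryPassword set to False is the worst case, since no escrowed key exists to recover the volume once WinRE is disabled or a PIN is added.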

Microsoft’s imminent patch will likely modify how manage-bde functions within WinRE, restricting key extraction operations or requiring re-authentication. However, such a fix may introduce compatibility issues with existing recovery workflows. Early testing of a private hotfix, leaked on a developer forum, suggests that after patching, some legacy recovery tools fail to mount encrypted volumes correctly, causing repair failures. IT departments will need to test thoroughly before mass deployment.

The discovery of YellowKey underscores a broader problem in endpoint protection: the supply chain of trust. Even with hardware-backed security like TPMs and Secure Boot, a compromised pre-boot environment can undermine every layer of defense. As long as WinRE remains a full-featured operating system with access to disk encryption keys, it will be an attractive target. The community is now calling for a more radical redesign—perhaps a read-only recovery console that cannot decrypt user data or a mandatory second factor for any key extraction.

For users and administrators alike, the message is clear: BitLocker alone is not a silver bullet. Physical isolation, multi-factor authentication, and defense in depth remain essential. And until the patch arrives, keep a close eye on your device—and disable WinRE if you can afford the operational impact. YellowKey has turned a long-theorized attack into a practical, shareable tool, and the clock is ticking for Microsoft to restore trust in one of its flagship security features.