Microsoft has issued urgent manual mitigation guidance for a publicly disclosed BitLocker bypass known as YellowKey, tracked as CVE-2026-45585. The vulnerability allows attackers with physical access to a Windows PC to extract the volume master key (VMK) and decrypt the drive, completely defeating BitLocker’s encryption. The exploit targets systems that rely solely on a Trusted Platform Module (TPM) for automatic unlocking, without a PIN or password. The proof-of-concept code, which appeared online in early May 2026, abuses the Windows Recovery Environment (WinRE) to obtain privileged command-line access and siphon the keys.

The flaw has reignited the debate over TPM-only versus multi-factor protectors for BitLocker. While Microsoft has not yet released a full security update, it has published step-by-step instructions to harden WinRE access and prevent exploitation. Enterprise administrators and Windows users who depend on BitLocker for data-at-rest security need to act immediately to block this attack vector.

How YellowKey Exploits TPM-Only BitLocker

To understand YellowKey, you must first grasp how BitLocker works with a TPM. By default, Windows can use the TPM to store the VMK and release it only if the boot environment appears untampered. This configuration—called TPM-only—provides transparency: the system simply boots to the desktop without any extra user input. However, that convenience comes at a steep price. A determined attacker with physical access can intercept the communication between the TPM and the CPU, or—as in this case—manipulate the boot process to trick the TPM into releasing the keys.

YellowKey leverages a well-known weak point: the Windows Recovery Environment. WinRE is a lightweight OS image that loads when you choose to repair, diagnose, or recover a Windows installation. It includes a command prompt with SYSTEM-level privileges. Normally, BitLocker-protected drives are locked when WinRE starts, but previous research has shown that it is possible to boot into WinRE and then use tools to extract encryption keys or disable BitLocker entirely. YellowKey automates this process.

The Attack Sequence

Based on community analysis and the limited technical details available, the exploit proceeds roughly as follows:

  • The attacker boots the target PC from a specially prepared recovery drive or repeatedly interrupts startup to trigger automatic Windows Recovery.
  • Once inside WinRE, a script (likely Python-based, given the “YellowKey” moniker) launches and begins probing the TPM.
  • Because TPM-only mode automatically releases the VMK if the platform configuration registers (PCRs) are unchanged, the tool can capture the key material as the system attempts to unlock the drive.
  • With the VMK in hand, the attacker can decrypt the entire volume offline on another machine.

The real-world impact is severe. Stolen laptops, exposed servers, and unattended workstations in sensitive areas become wide open. Notably, devices secured with a TPM plus a PIN, USB startup key, or network unlock protector are immune to this particular attack, as those require additional secrets that YellowKey cannot bypass.

Microsoft’s Mitigation: Locking Down WinRE

Instead of rushing out a potentially unstable patch, Microsoft chose to issue manual mitigation guidance. The company’s security advisory (still unpublished as a formal MSRC bulletin) details changes administrators can make to block the WinRE access route. The core tactic is simple: prevent an unauthenticated user from getting a command prompt within WinRE.

The recommended steps include:

  • Disable WinRE entirely via the reagentc /disable command. This removes the recovery environment from the boot menu, but it also eliminates a valuable recovery tool.
  • Enable BitLocker with a PIN or password as an additional protector. This can be enforced through Group Policy or Microsoft Intune for domain-joined machines.
  • Modify the Boot Configuration Data (BCD) to require authentication before launching WinRE. For example, bcdedit /set {default} bootstatuspolicy ignoreallfailures stops a failed boot from triggering automatic recovery, and bcdedit /set {default} recoveryenabled No turns off the recovery entry without deleting the recovery partition.
  • Restrict physical access to management ports and external media, but that’s a long-standing best practice and not a technical mitigation per se.

Microsoft has also emphasized that users with modern hardware supporting Secure Boot and TPM 2.0 should verify that WinRE is signed and trusted, as tampered WinRE images could be another vector.

Temporary Workaround vs. Permanent Fix

This guidance is explicitly a stopgap. “We are actively developing a comprehensive update that addresses the root cause in WinRE and strengthens the early boot chain,” a Microsoft representative wrote in the advisory draft. No release date has been given, but given the high severity, a cumulative update or out-of-band fix is expected within weeks.

For now, the burden falls on IT departments to weigh the trade-offs. Completely disabling WinRE might leave users stranded without recovery options. Yet leaving it unprotected could expose entire organizations to data theft. The ideal middle ground is to push a PIN requirement while keeping WinRE available.

The Bigger Picture: TPM-Only Is Not Enough

YellowKey is the latest in a long line of BitLocker bypasses that hinge on physical access and weak default configurations. Attacks such as “SPI sniffing” (passively reading the VMK as it crosses the TPM’s SPI or LPC bus) and “TPM Genie” (interposing a malicious device on that bus) have been demonstrated since 2019. Each time, the takeaway is identical: TPM-only protection is no match for an adversary who can touch the hardware.

Yet millions of consumer and business PCs continue to ship with BitLocker enabled in TPM-only mode out of the box. The convenience is hard to ignore, but YellowKey proves that for any device containing sensitive data, multi-factor authentication is non-negotiable.

What Should You Do Right Now?

Until Microsoft delivers a patch, security-conscious Windows users should immediately audit their BitLocker configuration:

  1. Open an elevated command prompt and run manage-bde -status. Check the Protection Status line for each volume.
  2. If a drive lists “TPM” as the only key protector, your data is vulnerable.
  3. Add a PIN protector by running:
    manage-bde -protectors -add C: -TPMAndPIN
    then set a PIN: manage-bde -changepin C:.
  4. For enterprise environments, enable the Group Policy Require additional authentication at startup under Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
  5. After changing the protectors, consider manually disabling WinRE with reagentc /disable until the official fix arrives. Just remember to re‑enable it later.

These steps add friction, but they are the only proven defense against this class of physical-access attacks.
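As an added example (not code from the article or from Microsoft), the audit in steps 1 to 3 and the WinRE check in step 5 as one PowerShell script built on the in-box BitLocker module; it assumes an elevated session and an English reagentc output line, and the -Remediate switch is an assumed convenience for adding the TPM+PIN protector once you have chosen a PIN.

```powershell
# Added example, not from the article or Microsoft: audit BitLocker OS volumes
# for TPM-only protection and optionally add a TPM+PIN protector.
# Assumes an elevated PowerShell session with the built-in BitLocker module.
[CmdletBinding()]
param([switch]$Remediate)   # add TPM+PIN to each TPM-only OS volume found

function Get-TpmOnlyVolume {
    # Protected OS volumes whose only boot-time protector is the bare TPM.
    # Recovery passwords are ignored: they are not a factor at normal boot.
    Get-BitLockerVolume | Where-Object {
        $_.VolumeType -eq 'OperatingSystem' -and $_.ProtectionStatus -eq 'On'
    } | Where-Object {
        $boot = @($_.KeyProtector.KeyProtectorType | Where-Object { $_ -ne 'RecoveryPassword' })
        ($boot -contains 'Tpm') -and ($boot.Count -eq 1)
    }
}

function Get-WinReStatus {
    # reagentc /info prints a line such as "Windows RE status: Enabled".
    $line = (& reagentc /info 2>$null) | Select-String 'Windows RE status'
    if ($line) { ($line.Line -split ':', 2)[1].Trim() } else { 'unknown' }
}

$weak = @(Get-TpmOnlyVolume)
foreach ($v in $weak) {
    Write-Warning ("{0}: protected by the TPM alone (protectors: {1})" -f $v.MountPoint, ($v.KeyProtector.KeyProtectorType -join ', '))
}
if ($weak.Count -eq 0) { Write-Host 'No TPM-only operating-system volumes found.' }
Write-Host "WinRE status: $(Get-WinReStatus)"

if ($Remediate -and $weak.Count -gt 0) {
    $pin = Read-Host 'New BitLocker PIN' -AsSecureString
    foreach ($v in $weak) {
        try {
            # Add TPM+PIN first, then drop any remaining bare TPM protector so
            # the PIN is really required at boot; a lone TPM protector would
            # otherwise keep unlocking the drive without it.
            Add-BitLockerKeyProtector -MountPoint $v.MountPoint -TpmAndPinProtector -Pin $pin -ErrorAction Stop | Out-Null
            Get-BitLockerVolume -MountPoint $v.MountPoint |
                Select-Object -ExpandProperty KeyProtector |
                Where-Object KeyProtectorType -eq 'Tpm' |
                ForEach-Object { Remove-BitLockerKeyProtector -MountPoint $v.MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null }
            Write-Host "$($v.MountPoint): TPM+PIN protector added"
        } catch {
            Write-Error "$($v.MountPoint): $_"
        }
    }
}
```

Run it without -Remediate first to see which volumes the audit flags; the recovery password protector is deliberately left untouched so the volume stays recoverable.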

Community Response and Trade-offs

On forums and social media, the reaction has been a mix of alarm and frustration. Some users applaud Microsoft’s transparency in pre‑releasing the workaround, while others criticize the slow patch cycle. “I have a fleet of 2,000 laptops out in the field, half of which have encrypted drives with TPM only. Turning off WinRE isn’t realistic—my helpdesk will get flooded,” posted one IT manager on a popular Windows community board.

Others pointed out that the exploit requires significant physical access and technical skill, somewhat limiting its practical use. However, as the proof of concept circulates online, it’s only a matter of time before less sophisticated attackers adopt it. The fact that YellowKey can be executed from a simple USB stick further lowers the barrier.

Looking Ahead

YellowKey serves as a painful reminder that convenience and security are often at odds. BitLocker remains a robust encryption solution when configured correctly, but TPM‑only mode should be reserved for non‑sensitive devices or kiosks. For everything else—particularly laptops that leave the office—a PIN is essential.

Microsoft’s eventual patch is expected to harden the WinRE boot process, possibly by requiring authentication before recovery tools can load or by limiting the recovery environment’s access to the TPM. In the meantime, the manual mitigation steps are the only shield. Apply them now. A few extra seconds at boot time is a small price to pay for keeping your data out of strangers’ hands.