Microsoft on May 19, 2026, assigned CVE-2026-45585 to YellowKey, a publicly disclosed security feature bypass that undermines BitLocker Drive Encryption on multiple supported Windows platforms. The vulnerability—rated 6.8 on the CVSS scale and classified as ‘Important’—affects Windows 11 24H2, 25H2, 26H1, and Windows Server 2025 systems. YellowKey allows an attacker with code execution in the Windows Recovery Environment (WinRE) to extract BitLocker volume master keys without satisfying the normal authentication requirements, such as the TPM-and-PIN protector. The core issue is not a cryptographic flaw in BitLocker, but rather the implicit trust that BitLocker places in WinRE as a recovery tool. Microsoft released a security update that restricts the way BitLocker interacts with WinRE and urges organisations to reassess their recovery environment configurations.
BitLocker and the WinRE blind spot
BitLocker provides full-volume encryption for Windows drives, using protectors like the Trusted Platform Module (TPM), PINs, USB keys, or recovery passwords. In a typical TPM-only configuration, the TPM releases the decryption key after verifying the integrity of the boot chain. However, when a system fails to boot normally, WinRE steps in to provide diagnostic and repair tools. WinRE is a minimal Windows environment stored on a hidden partition, loaded early in the boot process. Because BitLocker must allow access to BitLocker-protected drives during recovery—for example, to repair Boot Configuration Data or restore system files—the recovery environment can automatically unlock fixed data drives and system volumes by calling BitLocker APIs. This automatic unlock capability is the cornerstone of the YellowKey attack.
WinRE is a signed, trusted component. It is rarely updated, often overlooked in endpoint security reviews, and typically immune from endpoint protection software because it runs as early-boot code. That combination—automatic BitLocker unlock, elevated privileges, and minimal security oversight—makes it a high-value target for attackers who have already achieved local privilege escalation or physical access. YellowKey exploits this trust relationship, not by cracking AES-XTS encryption but by coercing the recovery environment into handing over the raw keys.
How YellowKey works
YellowKey requires local administrator access on the running Windows instance or physical access to the device. The attacker first corrupts the normal boot path—for example, by tampering with the BCD store or deleting the system partition’s boot files—forcing Windows Boot Manager to start WinRE instead. When WinRE launches, the BitLocker framework detects the recovery context and automatically calls the UnsealAutomatically function to unlock the encrypted volume so that recovery tools can access it. This function leverages the TPM’s platform configuration registers (PCRs) but, crucially, in a recovery scenario the TPM measurement profile changes—PCR 7 (Secure Boot state) and PCR 11 (BitLocker policy) may be relaxed or ignored because the recovery environment itself is considered a valid boot path.
Once the volume is unlocked, the attacker can use readily available Windows APIs—such as GetVolumeMasterKey—to extract the Volume Master Key (VMK) in plaintext. With the VMK, all data on the disk can be decrypted offline, even without the TPM or user credentials. The YellowKey proof-of-concept code, published on GitHub shortly before Microsoft’s patch, weaponised this sequence into a single script that can be launched from WinPE or from a compromised WinRE instance.
A key detail is that YellowKey does not bypass the TPM entirely; it repurposes the TPM’s role. The TPM still seals and unseals keys according to the PCR values that exist in the WinRE boot session. Because WinRE is signed by Microsoft and boots with a known set of measurements, the TPM correctly releases the key material. The attack simply hijacks this legitimate pathway.
Affected systems and scope
Microsoft’s security advisory confirms that the following editions are vulnerable:
- Windows 11 24H2 (all editions)
- Windows 11 25H2 (all editions)
- Windows 11 26H1 (all editions)
- Windows Server 2025 (all editions, including Server Core)
The vulnerability is present only on systems with BitLocker enabled and where the recovery partition exists. Windows 10 and older Windows Server releases are not affected because the vulnerability lies in a code path introduced with the 24H2 kernel update. Server 2025 shares the same codebase. The CVE bulletin notes that systems using a pre-boot PIN in addition to the TPM—often called “enhanced PIN” or “TPM+PIN”—are protected against the most straightforward exploitation path but are still affected if the attacker can trigger WinRE automatically. A TPM+PIN configuration forces a PIN prompt during normal boot; however, when WinRE launches, BitLocker does not prompt for a PIN because WinRE is not designed to accept user input in that way. Instead, it falls back to the TPM-based unlock. Thus, the PIN adds a layer of inconvenience for an attacker but does not eliminate the vulnerability.
Microsoft’s response and patch mechanics
Microsoft addressed YellowKey with a cumulative security update released on Patch Tuesday, June 9, 2026. The update alters the behaviour of the BitLocker driver (fvevol.sys) when it is called from within WinRE. Specifically, it introduces a new validation step that checks whether the current boot session matches an approved recovery ticket. If the ticket is absent or forged, the volume is not automatically unlocked, and any attempt to extract the master key returns an access-denied error. The update also hardens the WinRE imaging process by verifying the digital signature of the Recovery Environment’s boot manager and OEM-supplied drivers before allowing the unlock sequence to proceed.
Admins must manually install the update on each endpoint; it is not pushed through Windows Update for Business by default because WinRE updates require offline servicing. Microsoft published a step-by-step guide that uses the Deployment Image Servicing and Management (DISM) tool to apply the patch to offline recovery partitions. Organisations using Microsoft Intune or ConfigMgr can push the patch as a WinRE package. The advisory strongly recommends updating the recovery image even on machines that are not yet running WinRE, because a future deliberate boot failure could force the environment to start.
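The offline servicing sequence the paragraph describes, written out as an added PowerShell example; this is not Microsoft's published guide, and the package path is a placeholder standing in for whatever update file the guide names. The mount, inject and commit steps use the documented reagentc and DISM switches, and the script discards the mounted image if any step fails so a half-applied update never reaches the recovery partition:

```powershell
# Added example (not Microsoft's guide): apply an update package to the local WinRE image offline.
# Assumptions: run from an elevated session; $PackagePath is a placeholder for the real update file.
$MountDir    = 'C:\WinREMount'
$PackagePath = 'C:\Updates\PLACEHOLDER-WinRE-update.cab'   # placeholder, not a real file name

function Invoke-Native {
    # Run a native tool and turn a non-zero exit code into a terminating error.
    param([string]$Command, [string[]]$Arguments)
    $output = & $Command @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "$Command $($Arguments -join ' ') failed with exit code $LASTEXITCODE`n$($output -join "`n")"
    }
    return $output
}

# 1. Record the current WinRE state so the result can be compared afterwards.
$before = Invoke-Native 'reagentc.exe' @('/info')
Write-Host ($before -join "`n")

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

try {
    # 2. Mount winre.wim from the recovery partition read/write.
    Invoke-Native 'reagentc.exe' @('/mountre', '/path', $MountDir) | Out-Null

    # 3. Inject the update package into the mounted image.
    Invoke-Native 'dism.exe' @("/Image:$MountDir", '/Add-Package', "/PackagePath:$PackagePath") | Out-Null

    # 4. Trim superseded components; the article notes that low free space on the
    #    recovery partition was the main cause of failed WinRE updates.
    Invoke-Native 'dism.exe' @("/Image:$MountDir", '/Cleanup-Image', '/StartComponentCleanup', '/ResetBase') | Out-Null

    # 5. Commit the modified image back to the recovery partition.
    Invoke-Native 'reagentc.exe' @('/unmountre', '/path', $MountDir, '/commit') | Out-Null
    Write-Host 'WinRE image updated and committed.'

    # 6. Show the post-update state for the change record.
    Write-Host ((Invoke-Native 'reagentc.exe' @('/info')) -join "`n")
}
catch {
    Write-Warning $_
    # Discard the mounted image so the recovery partition is left exactly as it was.
    & reagentc.exe /unmountre /path $MountDir /discard | Out-Null
    throw
}
finally {
    Remove-Item -Path $MountDir -Recurse -Force -ErrorAction SilentlyContinue
}
```

Wrapped in a ConfigMgr or Intune script package, the same sequence runs per endpoint during a maintenance window; the before/after reagentc output gives the compliance evidence that the recovery image was actually touched.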
Why WinRE trust is a systemic problem
YellowKey is not the first vulnerability to exploit the elevated privileges of the Windows Recovery Environment. Previous flaws, such as the 2022 bypass that allowed WinRE to be used as a staging ground for malware, have highlighted the same architectural weakness: WinRE is a full Windows kernel environment that runs with SYSTEM rights and automatic disk access. The trust model assumes that anything that successfully boots into WinRE is a legitimate recovery activity. In practice, a local attacker with administrative access can easily trigger a boot into WinRE by corrupting a single file on the system partition.
Microsoft has increasingly pushed organisations to treat WinRE as a security boundary. The company’s own “Secured-core PC” specification now requires that the recovery partition be protected by Secure Boot and measured by the TPM. However, many devices—especially those upgraded from earlier Windows versions—still ship with a standard WinRE layout that does not enforce these measurements. The YellowKey disclosure underscores that simply having BitLocker enabled does not provide full-disk encryption assurance when the recovery environment is not equally hardened.
Practical mitigations beyond patching
While the June 2026 update is the definitive fix, Microsoft and independent security researchers recommend several additional controls:
- Remove the recovery partition where business requirements allow. Without a local WinRE instance, the automatic unlock path is unavailable. Remote recovery tools, such as Windows Deployment Services or USB-based recovery media, can replace local WinRE for most enterprise scenarios.
- Enforce TPM+PIN with a lengthy PIN (at least 8 digits) and leverage Group Policy to block the convenience unlock of fixed drives. Combined with the patch, this makes the remaining attack surface significantly harder to exploit.
- Enable BitLocker Network Unlock for domain-joined machines so that systems can recover without relying solely on the local recovery environment.
- Deploy BitLocker recovery passphrase rotation using Microsoft Intune; rotate keys immediately after applying the patch to invalidate any master keys that may have been targeted before the fix.
- Monitor WinRE activity through Windows Event Logs (Event ID 851 in the BitLocker-API source) and Microsoft Defender for Endpoint. A sudden spike in recovery events should be treated as a potential incident.
- Disable automatic failover to WinRE via the bcdedit /set recoveryenabled No command, though this will prevent the boot manager from attempting automatic repair after a crash, requiring additional manual recovery steps.
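An added PowerShell audit, not code from the advisory or from Microsoft, that checks a host for the conditions the article singles out: a TPM-only protector on the operating system volume, a live local WinRE instance, automatic failover to WinRE via recoveryenabled, and recent BitLocker-API events. Event ID 851 is taken from the article; the log channel name is the one the Microsoft-Windows-BitLocker-API provider writes to. It requires an elevated session and reports findings to review rather than declaring compromise:

```powershell
# Added example (not from the advisory): audit one host for YellowKey-relevant posture.
# Event ID 851 is the ID the article associates with recovery activity; the log name is
# the channel the Microsoft-Windows-BitLocker-API provider writes to. Run elevated.
function Get-WinReAuditReport {
    param([int]$LookbackHours = 24)

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. BitLocker protectors per volume. An OS volume with a 'Tpm' protector but no
    #    TpmPin / TpmPinStartupKey protector is the TPM-only configuration discussed above.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        Write-Host ("{0}  type={1}  protection={2}  protectors={3}" -f $vol.MountPoint, $vol.VolumeType, $vol.ProtectionStatus, ($types -join ','))

        if ($vol.VolumeType -eq 'OperatingSystem' -and $vol.ProtectionStatus -eq 'On') {
            $hasPin = @($types | Where-Object { $_ -like 'TpmPin*' }).Count -gt 0
            if (-not $hasPin) {
                $findings.Add("OS volume $($vol.MountPoint) has no PIN-bearing TPM protector (TPM-only).")
            }
        }
    }

    # 2. Local WinRE presence. 'reagentc /info' prints a 'Windows RE status:' line.
    $reInfo = (& reagentc.exe /info 2>&1) -join "`n"
    if ($reInfo -match 'Windows RE status:\s+(\w+)') {
        $reStatus = $Matches[1]
        Write-Host "WinRE status: $reStatus"
        if ($reStatus -eq 'Enabled') {
            $findings.Add('A local WinRE instance is enabled; confirm it carries the June 2026 update.')
        }
    }

    # 3. Automatic failover to WinRE. 'bcdedit /enum {current}' lists recoveryenabled Yes/No.
    $bcd = (& bcdedit.exe /enum '{current}' 2>&1) -join "`n"
    if ($bcd -match 'recoveryenabled\s+(\w+)') {
        $recoveryEnabled = $Matches[1]
        Write-Host "recoveryenabled: $recoveryEnabled"
        if ($recoveryEnabled -eq 'Yes') {
            $findings.Add('Boot manager may fail over to WinRE automatically (recoveryenabled Yes).')
        }
    }
    else {
        Write-Host 'recoveryenabled is not set explicitly on the {current} entry.'
    }

    # 4. Recent BitLocker-API events with the ID the article ties to recovery activity.
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $events = @(Get-WinEvent -FilterHashtable @{
                   LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
                   Id        = 851
                   StartTime = $since
               } -ErrorAction SilentlyContinue)
    Write-Host ("Event ID 851 occurrences in the last {0}h: {1}" -f $LookbackHours, $events.Count)
    foreach ($e in ($events | Select-Object -First 5)) {
        Write-Host ("  {0:u}  {1}" -f $e.TimeCreated, ($e.Message -split "`n")[0])
    }
    if ($events.Count -gt 0) {
        $findings.Add("$($events.Count) BitLocker-API 851 event(s) in the last $LookbackHours h; review against expected recovery activity.")
    }

    # Summary. Each finding is a condition to review, not evidence of compromise.
    if ($findings.Count -eq 0) { Write-Host 'No YellowKey-relevant findings.' }
    else { $findings | ForEach-Object { Write-Host "FINDING: $_" } }
    return $findings
}

Get-WinReAuditReport -LookbackHours 24
```

The function returns the findings list so the same script can feed a compliance baseline or a SIEM collector; run it before and after applying the June 2026 update and the mitigations above to show which items actually changed on each endpoint.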
The community’s reaction
The Windows IT Pro community expressed a mixture of alarm and relief on forums like WindowsForum.com. Many admins admitted they had never validated their WinRE configurations after deploying BitLocker. “We assumed BitLocker meant safe, even with a default TPM-only setup,” wrote one commenter. “YellowKey woke us up to the fact that our recovery partitions were essentially a backdoor that nobody was monitoring.” Several users reported that they had removed the recovery partition years earlier to reclaim disk space on thin clients and were inadvertently protected all along.
Others raised concerns about the practical difficulty of updating WinRE across thousands of endpoints. “DISM offline servicing is fine for a lab, but scaling it to 10,000 desktops without a reliable automation workflow is a nightmare,” noted a senior systems engineer. Microsoft’s own guide acknowledges the challenge and points to a new Graph API endpoint in Intune that can schedule WinRE updates during maintenance windows. Early adopters of that API reported a 90% success rate in pilot groups, with failures mostly caused by low disk space on the recovery partition.
Long-term implications for Windows security
YellowKey will likely accelerate the adoption of encryption technologies that do not depend on a host OS recovery partition. Hardware-based self-encrypting drives (SEDs) that manage encryption in the drive controller and present the key only after a successful Pre-Boot Authentication (PBA) are one alternative, though they come with a higher price tag. Microsoft’s Pluton security processor, now standard in Copilot+ PCs, includes a feature called “Zero Trust Device Recovery” that intends to make recovery possible without ever revealing the volume master key to the recovery environment. That capability, however, is still in preview and is limited to new hardware.
The disclosure also highlights the importance of treating WinRE with the same rigour as the main Windows image. Security teams are being urged to bring recovery partitions under patch management, configure them with customised drivers only, and monitor them for integrity violations. The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-45585 to its Known Exploited Vulnerabilities catalog on June 8, 2026, giving federal agencies 21 days to apply the patch.
For now, the immediate takeaway is that BitLocker alone is not enough. The trust chain extends to every piece of code that can unlock the drive, and WinRE is the weakest link in that chain on most Windows 11 devices. YellowKey was not a theoretical attack—the public availability of a working exploit forces every organisation to re-examine how they have configured full-disk encryption. Patching is essential, but re-architecting the recovery workflow will deliver the long-term security improvement that this bypass exposed.
Microsoft has committed to publishing supplementary guidance later in 2026 for environments where the recovery partition cannot be removed, including a hardened WinRE image that will be signed with a 4096-bit certificate and will only accept BitLocker unlock requests accompanied by a fresh TPM attestation report. Until then, the YellowKey episode serves as a reminder that security boundaries in Windows are only as strong as the platforms we trust least—and too often forget to secure.