Zero-Day Exploit Against Windows BitLocker - Schneier on Security
YellowKey zero-day exploit bypasses Windows 11 BitLocker encryption with physical access
Summary
A zero-day exploit named YellowKey, published by researcher Nightmare-Eclipse, reliably bypasses BitLocker encryption on default Windows 11 deployments by circumventing the TPM-based key storage mechanism. While the exploit requires physical access to the target computer, it poses a significant threat to organizations where BitLocker is mandatory, including government contractors. The vulnerability undermines a key security control designed to protect sensitive data at rest.
Full text
Zero-Day Exploit Against Windows BitLocker

It’s nasty, but it requires physical access to the computer:

    The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments.

Slashdot thread.

And here’s Nightmare-Eclipse’s GitHub account.

Tags: BitLocker, exploits, Windows, zero-day

Posted on May 18, 2026 at 7:08 AM • 13 Comments
Indicators of Compromise
- malware — YellowKey