Zero-day exploit completely defeats default Windows 11 BitLocker protections
Summary
A new zero-day exploit called YellowKey allows someone with physical access to a Windows 11 computer to bypass BitLocker encryption and access all data on the drive quickly. The exploit uses a special folder on a USB drive to trick the system’s recovery process, letting an attacker open a command prompt with full access to the protected disk without needing the encryption key.
Key Facts
- YellowKey is a zero-day exploit affecting default BitLocker encryption on Windows 11.
- It requires physical access to the computer and a USB drive prepared with a custom FsTx folder.
- By booting the device in a certain way and holding the Ctrl key, the exploit triggers a command prompt that bypasses BitLocker recovery protections.
- BitLocker normally encrypts entire drives and relies on a hardware component called a TPM (Trusted Platform Module) so that the data cannot be read without the key.
- The exploit manipulates Windows’ Transactional NTFS system, a feature for handling file operations safely in transactions.
- This manipulation allows modification of files across different drive volumes, which is unusual and may be a separate security issue.
- Security researchers have confirmed the exploit works as described, though Microsoft has not given a public response.
- The exploit threatens many organizations that rely on BitLocker for disk encryption, including government contractors.
This is a fact-based summary from The Actual News.