Windows BitLocker Zero-Day 'YellowKey': PoC Released, Defeats Default TPM-Only Encryption — No Patch
Ars Technica·medium signal
Security researcher Chaotic Eclipse released proof-of-concept code for YellowKey, a zero-day bypassing Windows 11 and Server 2022/2025 BitLocker in default TPM-only mode. Exploit uses crafted FsTx files on USB to abuse Windows Recovery Environment boot behavior, opening a command shell while the protected disk remains mounted. No CVE assigned; Microsoft says 'investigating.' Second flaw 'GreenPlasma' targets CTFMON privilege escalation.