Description
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.
We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Mitigation FAQs
Should I leverage the temporary mitigation?
Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel.
What impact to service availability/management could be caused by implementing the mitigations?
Implementing these mitigations will not impact service availability or management operations.
Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available?
No. The security update will maintain the mitigation's behavior once the security update is installed.
I am using TPM+PIN, am I at risk of this vulnerability being exploited?
No, if you are using TPM+PIN the vulnerability is not exploitable.
Published: 2026-05-19
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Microsoft has identified a security feature bypass vulnerability in Windows, colloquially known as "YellowKey", for which a public proof of concept is available. The flaw permits an attacker to sidestep BitLocker’s security safeguards if the victim uses the default encryption method rather than a TPM+PIN configuration. During a local or elevated-privilege session, the attacker can leverage YellowKey to retrieve or use the BitLocker recovery key, thereby compromising encrypted data. The weakness is classified as CWE-77, indicating improper validation of a user-supplied expression that may lead to command injection or skipping of integrity checks. As a result, unauthorized users could read or alter a protected volume without needing the standard authentication mechanism.

Affected Systems

The vulnerability affects Microsoft Windows 11 versions 24H2, 25H2, and 26H1, as well as Windows Server 2025, including the Server Core installation. All affected builds are identified by the corresponding CPE entries for Windows 11 and Windows Server 2025.

Risk and Exploitability

The CVSS score of 6.8 places the vulnerability in the Medium severity range, and the EPSS score is < 1% (0.00106), indicating a very low but non-zero chance of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the publicly released proof of concept, the attack vector appears to be local or requires elevated privileges, but this inference is not confirmed in the official description.

Generated by OpenCVE AI on May 23, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure all BitLocker volumes are configured with TPM+PIN or an equivalent authentication method and avoid relying solely on default encryption.
  • Apply the temporary mitigations Microsoft recommends in its guidance for this CVE; they do not need to be reverted after the security update is installed.
  • Continuously monitor Microsoft security advisories and apply the official patch for CVE‑2026‑45585 as soon as it becomes available.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:arm64:*

Fri, 22 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Values Added: Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.

Wed, 20 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared
Values Added: Microsoft windows 11 25h2
CPEs
Values Removed: cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*
Values Added: cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*
Vendors & Products
Values Removed: Microsoft windows 11 2h2
Values Added: Microsoft windows 11 25h2

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)
Vendors & Products Microsoft windows 11 24h2
Microsoft windows 11 25h2
Microsoft windows 11 26h1
Microsoft windows Server 2025 (server Core Installation)

Wed, 20 May 2026 00:00:00 +0000

Type Values Removed Values Added
Description Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.
Title Windows BitLocker Security Feature Bypass Vulnerability
First Time appeared Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 26h1
Microsoft windows 11 2h2
Microsoft windows Server 2025
Weaknesses CWE-77
CPEs cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_2H2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft windows 11 24h2
Microsoft windows 11 26h1
Microsoft windows 11 2h2
Microsoft windows Server 2025
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C'}


MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2026-06-09T19:33:59.604Z

Reserved: 2026-05-12T19:55:45.729Z

Link: CVE-2026-45585

Vulnrichment

Updated: 2026-05-20T12:46:25.016Z

NVD

Status: Modified

Published: 2026-05-20T00:16:44.380

Modified: 2026-05-22T23:16:56.123

Link: CVE-2026-45585

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-23T00:30:05Z

Weaknesses