Home / Technology / Windows 11 BitLocker Bypassed in Seconds!
Windows 11 BitLocker Bypassed in Seconds!
15 May
Summary
- A new exploit, YellowKey, bypasses Windows 11 BitLocker protections.
- The exploit requires physical access and a USB drive with custom files.
- Microsoft is currently investigating the reported vulnerability.
A newly discovered zero-day exploit, dubbed YellowKey, allows for the rapid bypass of BitLocker encryption on Windows 11 systems. This exploit targets the default configuration where BitLocker keys are stored solely in the Trusted Platform Module (TPM). Researchers have confirmed that with physical access and a specially prepared USB drive, attackers can gain complete access to encrypted drives within seconds.
The YellowKey exploit leverages a custom FsTx folder, reportedly related to Microsoft's transactional NTFS (TxF) functionality. By inserting a USB drive containing this folder and initiating Windows recovery, the exploit appears to circumvent the need for a BitLocker recovery key. This bypass was confirmed by security researchers Kevin Beaumont and Will Dormann.
Details suggest the FsTx directory on the USB drive can interfere with the Windows Recovery environment on the target system. This interference reportedly deletes a critical configuration file, winpeshl.ini, thereby granting a command prompt with full access to the encrypted drive. While Microsoft has stated it is investigating, the vulnerability highlights concerns about TPM-only BitLocker configurations.
Security experts advise users to consider additional measures like enabling BIOS password locks as a temporary precaution. Many security professionals have long advocated for requiring a PIN in addition to TPM for BitLocker, a configuration not compromised by this specific exploit.
