Microsoft BitLocker – YellowKey zero-day exploit

Here's the primary source: https://deadeclipse666.blogspot.com/2026/05/two-more-public-...

Other links:

https://github.com/Nightmare-Eclipse/YellowKey

https://github.com/Nightmare-Eclipse/GreenPlasma

The BitLocker exploit seems simple and very dangerous. Companies and individuals have been relying on BitLocker to protect information if the device is lost. Despite promises, Microsoft doesn’t seem to be serious about security.

What will it take for more companies to truly understand their risks with Windows and being locked into Microsoft’s platforms?

https://infosec.exchange/@wdormann/116565129854382214

Remarkable. Does MS take a huge reputational hit for having a backdoor, or are they so essential to most places this won’t matter?

This looking so much like an intentional backdoor just makes me wonder even more about TrueCrypt's sudden recommendation in 2014 that everyone switch to BitLocker. This particular backdoor didn't exist then (it's only Win11 apparently) but this sure makes it seem more plausible that another one might have.

Though if TrueCrypt was killed to try and get people to switch to encryption that could be backdoored, then why allow its successor VeraCrypt to exist? It's open source and independently audited, so it really shouldn't be backdoored.

What's with all the replies on these threads downplaying this? Why is it mainly brand new accounts? What's going on here?

I've seen every variant of:

1) "this is an authentication/privilege escalation bug, not a bitlocker exploit" (? what are you even trying to say)

2) "even though the attacker explicitly warns that this is capable of bypassing TPM+PIN, that isn't actually true or what he meant"

3) "we shouldn't jump to conclusions that this is a backdoor"

4) "we already knew BitLocker with just TPM isn't secure" (? except many organizations depend on it to be)

How is this even possible, backdoor or no? Isn't the whole point of this type of encryption that even a compromised machine can't decrypt without the passphrase? If this works it means that the key is stored unencrypted somewhere?

Earlier thread: https://news.ycombinator.com/item?id=48114997

[dupe] https://news.ycombinator.com/item?id=48129789

And earlier

https://news.ycombinator.com/item?id=48114997

For those who use password (not PIN) based pre-boot authentication with BitLocker... do we know if that setup is safe?

I can't imagine there would be a way to bypass that if a password is required, unless it was a situation where like, there was originally some secret secondary key made that needs no password... or the password was never tied to the key in the first place.