YellowKey, a newly released software tool, can fully bypass Microsoft BitLocker encryption on affected Windows 11 and Windows Server 2022 and 2025 PCs. This exploit allows attackers to access encrypted data without needing passwords, putting bitcoins, personal files, and sensitive information at significant risk.
How YellowKey Exploits BitLocker on Windows 11
The hack targets a vulnerability in the Windows Recovery Environment (WinRE), a separate boot environment used for troubleshooting and recovery. YellowKey leverages leftover code in WinRE that triggers a test mode where BitLocker encryption is automatically disabled. This allows the attacker to unlock encrypted drives without authentication.
By copying YellowKey files onto a USB drive or directly into the EFI partition of a BitLocker-encrypted disk, an attacker can boot into WinRE while holding specific keys. This action immediately unlocks all vulnerable drives, granting full access to all stored data. Related coverage: Consumer Rights Advocate Criticizes EA Over Dead Space 2 DRM Lockouts.
Why Windows 11 and Server Versions Are Vulnerable
This exploit affects Windows 11 and certain Windows Server versions because of differences in their WinRE implementations compared to Windows 10. Notably, Windows 10 systems are reportedly not vulnerable to this attack, as their recovery environment lacks the exploitable test mode present in newer versions.
Risks for Users and Businesses
Users storing valuable digital assets like bitcoins, password databases, or sensitive personal data on BitLocker-encrypted Windows 11 PCs should act quickly. Experts recommend transferring such data to drives or folders secured by alternative encryption tools, such as 7-Zip with AES-256 or VeraCrypt, which offer layered encryption methods.
For businesses, this vulnerability means that all confidential information stored on affected systems could be compromised. Since Microsoft has not yet acknowledged the issue or issued a patch, the risk remains unmitigated.
Checking and Protecting Your BitLocker Drives
Users can verify if their drives are protected by BitLocker through their system settings. Until a fix is released, it is advisable to consider all data on vulnerable systems fully exposed and take precautionary steps, including using alternative encryption solutions and limiting physical access to devices.
(Via)
