CVE-2026-45585
Description
Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585nvdMitigationVendor Advisory
News mentions
26- ⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and MoreThe Hacker News · Jun 29, 2026
- New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML FilesThe Hacker News · Jun 11, 2026
- GreatXML BitLocker Bypass 0-Day Exploited Via Windows Defender Offline ScanCyber Security News · Jun 11, 2026
- Angry bug hunter with Microsoft beef drops new Windows 0-dayThe Register Security · Jun 10, 2026
- Record Microsoft Patch Tuesday, fresh zero-dayHelp Net Security · Jun 10, 2026
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-daysBleepingComputer · Jun 10, 2026
- Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE BugsThe Hacker News · Jun 10, 2026
- Patch Tuesday - June 2026Rapid7 Blog · Jun 9, 2026
- Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-2026-50507)Tenable Blog · Jun 9, 2026
- Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flawsBleepingComputer · Jun 9, 2026
- Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure BacklashSecurityWeek · Jun 3, 2026
- Microsoft MSRC Allegedly Dismissed Dependency Confusion Vulnerability, Claims ResearcherCyber Security News · Jun 2, 2026
- Critical Windows Netlogon RCE flaw now exploited in attacksBleepingComputer · Jun 1, 2026
- Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse ControversyCyber Security News · Jun 1, 2026
- Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls copsThe Register Security · May 28, 2026
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalThe Hacker News · May 28, 2026
- Microsoft Condemns "Uncoordinated" Zero Day DisclosuresInfosecurity Magazine · May 28, 2026
- Microsoft Warns Public Release of Zero-Day Details Before Vendor CoordinationCyber Security News · May 28, 2026
- ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain ChaosThe Hacker News · May 25, 2026
- Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploitedHelp Net Security · May 24, 2026
- Breach Roundup: Shai-Hulud Copycat Hits npmGovInfoSecurity · May 22, 2026
- Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)Help Net Security · May 21, 2026
- Microsoft Rolls Out Mitigations for ‘YellowKey’ BitLocker BypassSecurityWeek · May 20, 2026
- Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)Help Net Security · May 20, 2026
- Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 ExploitThe Hacker News · May 20, 2026
- Microsoft shares mitigation for YellowKey Windows zero-dayBleepingComputer · May 20, 2026