Microsoft Windows BitLocker Security Feature Bypass Vulnerability

Vulnerability

A security feature bypass vulnerability has been identified in Windows, commonly referred to as 'YellowKey'. This vulnerability allows an attacker with physical access to a device to bypass the BitLocker encryption, potentially gaining access to encrypted data. The vulnerability affects multiple versions of Windows 11 and Windows Server 2025, both in standard and Server Core installations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to data protected by BitLocker encryption, allowing an attacker to access sensitive information on the encrypted storage device.

Remediation

Users can mitigate this vulnerability by adding a PIN to their BitLocker protection. For devices already encrypted with a TPM-only protector, instructions are available for using PowerShell, the command line, or the Control Panel to add a PIN. For devices not yet encrypted, guidance is provided for using Microsoft Intune or Group Policies to configure BitLocker settings that require a PIN at startup.
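As an added example (not part of the advisory or Microsoft's own instructions), the PowerShell route can be scripted so that every operating-system volume protected only by a TPM protector is moved to a TPM+PIN protector. The script assumes an elevated session with the built-in BitLocker module and a Group Policy that permits a startup PIN; the ordering (ensure a recovery password, remove the TPM-only protector, then add TPM+PIN) is this example's own choice.

```powershell
# Added example, not from the advisory: replace TPM-only BitLocker protectors
# with TPM+PIN so physical access alone no longer unlocks the drive.
# Assumptions: elevated PowerShell, BitLocker module present, and the policy
# "Require additional authentication at startup" allows a TPM startup PIN.
$ErrorActionPreference = 'Stop'

# Only operating-system volumes carry a TPM-based protector.
$osVolumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }

foreach ($vol in $osVolumes) {
    $mp    = $vol.MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })

    if ($types -contains 'TpmPin') {
        Write-Host "${mp}: already protected by TPM+PIN."
        continue
    }
    $tpmOnly = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })
    if ($tpmOnly.Count -eq 0) {
        Write-Host "${mp}: no TPM-only protector found; review manually."
        continue
    }

    # A recovery password must exist before the TPM protector is removed,
    # otherwise a failed step or a mistyped PIN locks the operator out.
    if ($types -notcontains 'RecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        Write-Host "${mp}: added a recovery password; escrow it (Backup-BitLockerKeyProtector)."
    }

    # PIN is read as a SecureString and never written to the console or logs.
    $pin = Read-Host -AsSecureString -Prompt "New startup PIN for $mp"

    try {
        foreach ($kp in $tpmOnly) {
            Remove-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $kp.KeyProtectorId | Out-Null
        }
        Add-BitLockerKeyProtector -MountPoint $mp -TpmAndPinProtector -Pin $pin | Out-Null
        Write-Host "${mp}: now requires TPM+PIN at startup."
    } catch {
        # The recovery password still unlocks the volume; report and move on.
        Write-Warning "${mp}: protector change failed: $($_.Exception.Message)"
    }
}

# Verify the end state: each OS volume should list TpmPin and RecoveryPassword.
Get-BitLockerVolume | Select-Object MountPoint, VolumeType, ProtectionStatus,
    @{ Name = 'Protectors'; Expression = { @($_.KeyProtector.KeyProtectorType) -join ', ' } }
```

A reboot is the real test: the machine should prompt for the PIN before Windows loads, and the recovery password should be escrowed (Active Directory, Entra ID or Intune) before it is needed.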

Added: May 20, 2026, 12:31 AM
Updated: May 20, 2026, 12:31 AM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 4.7
remediation: 7.9
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.