New BitLocker vulnerability exposes Windows 11 users to system breach

Summary

  • BitLocker has a previously unknown zero-day flaw, with a public exploit, that lets attackers gain full filesystem access.
  • An attacker with physical access can use a USB drive and the Windows Recovery Environment (WinRE) to bypass the recovery screen and open a system command prompt.
  • Enable a BitLocker PIN, a strong password, an offline recovery key, and a BIOS/UEFI admin password until Microsoft patches the flaw.

It’s a little ironic that the Windows 11 solution Microsoft created to protect your sensitive files and data has been exploited, allowing an attacker to breach your entire system with ease.

BitLocker is designed to encrypt your PC’s filesystem in the event someone gets their hands on your physical hard drives, but according to a cybersecurity researcher known as Chaotic Eclipse or Nightmare Eclipse (GitHub), it contains a vulnerability that could give hackers carte blanche access to every file on your computer. It wouldn’t be the first time BitLocker’s flaws have been exposed, either.

Unrestricted access, but with a catch

The exploit, which anyone can download and compile from GitHub as of writing, chains two vulnerabilities, “YellowKey” and “GreenPlasma.” Once executed, the pair first gives an attacker unrestricted access to your file system and then lets them grant themselves unmitigated privileges to directly manipulate system services and drivers. It reportedly only works on Windows 11 (including the 2022 and 2025 server editions), not Windows 10.

Researchers typically report these vulnerabilities to software vendors (often for a bounty) and wait until the holes are patched before disclosing their findings, but Chaotic Eclipse seems to have a vendetta against Microsoft for its response to bug reports. The researcher stopped just short of accusing the computing giant of intentionally building a backdoor.

“I can’t wait when I will be allowed to disclose the full story,” Chaotic Eclipse wrote on their blog. “I think people will find my crashout very reasonable and it definitely won’t be a good look for Microsoft.” The initial findings were confirmed by cybersecurity researchers Kevin Beaumont and Will Dormann on Mastodon.

How the “YellowKey” exploit puts your data at risk

An attacker would only need to copy files to a USB flash drive to access your entire system

BitLocker works by interfacing with a physical security chip found in most PCs, the Trusted Platform Module (TPM), to verify the integrity of your system and BIOS configuration during bootup before granting access to your files. It’s easy to check BitLocker’s status to know whether it’s working. To make bootup smoother and more seamless, Windows uses a silent background mechanism that automatically and temporarily disables BitLocker’s protection.

But if an attacker has physical access to your system, YellowKey makes it relatively easy to hijack that process. By placing certain files on a USB drive or injecting them directly into a system partition, and then booting into the Windows Recovery Environment while holding the CTRL key, an attacker can bypass the normal recovery interface and access every part of your system via a command prompt window.

You may be relieved to know that you can enable a BitLocker setting that requires you to enter a PIN before the step in the bootup process where YellowKey would start working. However, Chaotic Eclipse says they’ve created a version of the exploit that also completely neutralizes PIN protections — graciously, they’ve decided not to release that version at this time.

The researcher goes on to warn us of an even bigger threat with the arrival of the next major Windows 11 update during June’s Patch Tuesday, typically scheduled for the second Tuesday of the month. While we await a potential response and hotfix from Microsoft, it’s probably still a good idea to enable that PIN in BitLocker for added peace of mind.

How to protect BitLocker from the “YellowKey” exploit

This trick works for now, but it might not be foolproof forever

The Bitlocker dialog in Windows 11. Credit: Tashreef Shareef / MakeUseOf

BitLocker is only available on Windows 10 Pro and Windows 11 Pro. Windows 11 Home has similar device encryption but doesn’t offer the same granular control.

  1. Type bitlocker in your Start Menu search bar, then select the Best Match result.
  2. Select the drive you want BitLocker to encrypt, then select Turn BitLocker On.
  3. Choose how you want to unlock this drive. Select the option that says use a password to unlock the drive.

The usual best practice is to use a strong password that’s an alphanumeric mix of at least 8-12 characters, ideally also including symbols and mixed letter case. If you need to write it down, store the password somewhere safe (like in a literal safe).

From here, it’s a good idea to also create a recovery key file, which similarly should be saved to a separate storage device and stored in a secure location. As a final, added layer of security, you should also enter your computer’s BIOS/UEFI settings and set an admin password. This will help stop a thief from easily changing your computer’s boot order.
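The same hardening the steps above describe (a pre-boot secret on top of the TPM, plus an offline recovery key) can be applied and audited from an elevated PowerShell prompt. This is an added example, not code from the article or from Microsoft; the BitLocker cmdlets and the FVE policy values are real, while the drive letter, backup path and PIN are placeholders to replace. On the OS drive the pre-boot secret is configured as a TPM+PIN protector; the example assumes C: is already encrypted with Windows 11’s default TPM-only protector.

```powershell
# Added example (not the article's or Microsoft's code). Run from an elevated PowerShell
# prompt. Assumptions: C: is already encrypted with Windows 11's default TPM-only
# protector, $BackupDir is removable media you will keep offline, and $PinText is a
# placeholder to replace (numeric, 6-20 digits; never keep a real PIN in a script).
$OsDrive   = "C:"
$BackupDir = "E:\bitlocker-recovery"   # placeholder path on a separate USB drive
$PinText   = "000000"                  # placeholder PIN, replace before running

# 1. Local policy: TPM+PIN protectors are refused unless "Require additional
#    authentication at startup" is enabled (UseAdvancedStartup=1). 2 = allow.
$Fve = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"
New-Item -Path $Fve -Force | Out-Null
Set-ItemProperty -Path $Fve -Name UseAdvancedStartup -Type DWord -Value 1
Set-ItemProperty -Path $Fve -Name UseTPM    -Type DWord -Value 2
Set-ItemProperty -Path $Fve -Name UseTPMPIN -Type DWord -Value 2

function Get-Protectors([string]$Type) {
    (Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector |
        Where-Object KeyProtectorType -eq $Type
}

function Test-PreBootAuth {
    # True only if protection is on AND a protector demands a secret before boot,
    # i.e. not the silent TPM-only unlock the article describes.
    $vol = Get-BitLockerVolume -MountPoint $OsDrive
    $types = $vol.KeyProtector.KeyProtectorType
    return ($vol.ProtectionStatus -eq "On") -and
           (($types -contains "TpmPin") -or ($types -contains "TpmPinStartupKey"))
}

# 2. Recovery password first, so the volume never ends up without any protector.
if (-not (Get-Protectors "RecoveryPassword")) {
    Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
}
$rp = Get-Protectors "RecoveryPassword" | Select-Object -First 1
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
"Drive $OsDrive  ID $($rp.KeyProtectorId)`n$($rp.RecoveryPassword)" |
    Set-Content -Path (Join-Path $BackupDir "bitlocker-recovery-key.txt")

# 3. Swap the TPM-only protector for TPM+PIN so the PIN is demanded before Windows boots.
if (-not (Test-PreBootAuth)) {
    Get-Protectors "Tpm" | ForEach-Object {
        Remove-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $_.KeyProtectorId | Out-Null
    }
    $pin = ConvertTo-SecureString $PinText -AsPlainText -Force
    Add-BitLockerKeyProtector -MountPoint $OsDrive -TpmAndPinProtector -Pin $pin | Out-Null
}

# 4. Report the resulting state.
Get-BitLockerVolume -MountPoint $OsDrive |
    Select-Object MountPoint, ProtectionStatus, @{n="Protectors";e={$_.KeyProtector.KeyProtectorType -join ","}}
"Pre-boot authentication enforced: $(Test-PreBootAuth)"
```

Keep the written recovery key on the removable drive only and remove the drive from the machine once the script has run; the BIOS/UEFI admin password mentioned above is set in firmware setup, not from Windows.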
