Windows 11 BitLocker security vulnerability (Image © Cybersecuritynews)
Technical analysis of CVE-2026-45585
The BitLocker vulnerability is registered as CVE-2026-45585 and has a CVSS severity rating of 6.8. The severity is rated as medium, mainly because the attack requires physical access to the device. However, the technical complexity required to carry out the attack is low, which increases the risk for devices left unattended or in unsecured environments.
The exploit specifically targets the Windows recovery environment. By exploiting the way the system is booted into recovery mode, attackers can bypass the layers of encryption that normally protect the system drive.
Mitigations
Since an official Windows update is not yet available, administrators must manually secure critical systems. Microsoft has released a script that targets the WinRE image of the system. This script removes the autofstx.exe file from the BootExecute registry value, preventing the executable from running with high privileges in the recovery environment.
For organizations looking for an alternative layer of security, switching from a TPM-only configuration to a TPM+PIN configuration provides protection against the current version of Yellowkey. This requirement for a pre-boot PIN prevents the exploit from gaining the necessary access to the drive.
Affected software and deployment schedule
The vulnerability affects the following operating systems:
- Windows 11 (versions 24H2, 25H2 and 26H1)
- Windows Server 2025
A permanent fix is expected to be distributed via the standard Windows update channel. The expected release date coincides with the June Patch Tuesday. Until then, the manual script and PIN configurations are the only protection measures available.
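As an added, defender-side example (not Microsoft's published mitigation script, and not code from this article), the following PowerShell audits the two interim measures described above: it reads the BootExecute value from an offline WinRE image to confirm that autofstx.exe no longer appears there, and it reports whether the OS drive's BitLocker protector is still TPM-only, optionally upgrading it to TPM+PIN. The WIM path, mount directory and temporary hive name are assumptions for illustration; run it from an elevated PowerShell session.

```powershell
# Added audit/hardening helper (assumed paths and names, not the vendor script).
# Part 1: inspect BootExecute inside an offline WinRE image.
function Test-WinReBootExecute {
    param(
        # Assumed location; when WinRE is enabled the image usually lives on the
        # recovery partition instead (see 'reagentc /info' for the real path).
        [string]$WimPath  = 'C:\Windows\System32\Recovery\Winre.wim',
        [string]$MountDir = 'C:\WinReMount',
        [string]$HiveName = 'WinReSYSTEM'
    )
    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    Mount-WindowsImage -ImagePath $WimPath -Index 1 -Path $MountDir -ReadOnly | Out-Null
    try {
        # Load the image's SYSTEM hive. An offline hive has no CurrentControlSet,
        # so the active control set is resolved through the Select key.
        reg load "HKLM\$HiveName" "$MountDir\Windows\System32\config\SYSTEM" | Out-Null
        try {
            $current = (Get-ItemProperty "HKLM:\$HiveName\Select").Current
            $csKey   = 'HKLM:\{0}\ControlSet{1:D3}\Control\Session Manager' -f $HiveName, $current
            $boot    = (Get-ItemProperty -Path $csKey -Name BootExecute -ErrorAction SilentlyContinue).BootExecute
            [pscustomobject]@{
                BootExecute     = @($boot)
                AutofstxPresent = [bool](@($boot) | Where-Object { $_ -match 'autofstx' })
            }
        }
        finally {
            [gc]::Collect()                       # release hive handles before unloading
            reg unload "HKLM\$HiveName" | Out-Null
        }
    }
    finally {
        Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    }
}

# Part 2: report the BitLocker protector mode of the OS drive.
function Test-BitLockerPreBootPin {
    param([string]$MountPoint = $env:SystemDrive)
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector.KeyProtectorType)
    [pscustomobject]@{
        MountPoint       = $MountPoint
        ProtectionStatus = $vol.ProtectionStatus
        TpmOnly          = ($types -contains 'Tpm') -and ($types -notcontains 'TpmPin')
        TpmPin           = $types -contains 'TpmPin'
        HasRecoveryKey   = $types -contains 'RecoveryPassword'
    }
}

# Part 3: move a TPM-only drive to TPM+PIN. Refuses to touch a drive that has
# no recovery password protector, because the TPM protector must be removed
# before the TPM+PIN protector can be added (only one TPM-based protector may exist).
function Enable-BitLockerPreBootPin {
    param([string]$MountPoint = $env:SystemDrive)
    $state = Test-BitLockerPreBootPin -MountPoint $MountPoint
    if ($state.TpmPin) { return 'TPM+PIN already configured' }
    if (-not $state.HasRecoveryKey) {
        throw 'Add and back up a recovery password protector before changing protectors'
    }
    $pin = Read-Host -Prompt 'Enter new pre-boot PIN' -AsSecureString
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object -ExpandProperty KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    Test-BitLockerPreBootPin -MountPoint $MountPoint
}

# Usage:
#   Test-WinReBootExecute -WimPath 'R:\Recovery\WindowsRE\Winre.wim'
#   Test-BitLockerPreBootPin
#   Enable-BitLockerPreBootPin
```

Two caveats apply. Adding a TPM+PIN protector fails unless the BitLocker policy "Require additional authentication at startup" (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives) allows or requires a TPM startup PIN, so set that policy first. And auditing the WinRE image is only meaningful against the image the system actually boots into recovery from; if the recovery partition is in use, point `-WimPath` at that copy rather than the staged file under System32.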
Potential for further exploits
Although the current vulnerability is limited to TPM-only configurations, security researchers have indicated that the threat landscape could evolve. Reports suggest that there are additional exploits that can be used to bypass PIN-protected configurations. Although these additional methods have not yet been published, they indicate a continued risk to the current BitLocker architecture.
