Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to a Windows device to bypass Bitlocker encryption protection and read and write files. The flaw was disclosed last week, and there is already a public proof of concept available.
The company issued an advisory Tuesday saying that companies should act to mitigate the issue, tracked as CVE-2026-45585, while it examines the possibility of a patch. In its advisory, it provided the immediate steps that companies should take. A key defense against possible attack is to limit access to vulnerable devices, as physical access is required for exploit.
“Organizations should start ...