A security researcher says Microsoft secretly built a backdoor into BitLocker, releases an exploit to prove it

A security researcher known as Nightmare-Eclipse has released YellowKey, an exploit claiming to fully bypass BitLocker's full-volume encryption on Windows 11 and Server 2022/2025. The attack involves copying a specific 'FsTx' folder to a USB drive or the EFI partition, rebooting into Windows Recovery Environment, and following a specific input sequence — resulting in unrestricted shell access to encrypted volumes with no password required. The researcher alleges the flaw is an intentional backdoor embedded by Microsoft, noting the triggering component only exists in official WinRE images and the behavior is absent on Windows 10. Third-party researchers have confirmed the exploit behaves as described. A second exploit, GreenPlasma, enabling privilege escalation was also released. Microsoft has not yet responded. Mitigation advice includes using alternative full-disk encryption tools like VeraCrypt.