A zero-day exploit called YellowKey has been published by a researcher known as Nightmare-Eclipse that reliably bypasses BitLocker full-volume encryption on default Windows 11 deployments. The attack works by circumventing the TPM-stored decryption key, though it requires physical access to the target machine. BitLocker is a mandatory security control for many organizations, including government contractors, making this a significant concern.
Sort: