Zero-Day Exploit Against Windows BitLocker

Monday, May 18, 2026 at 11:08 AM UTC·Source: Schneier on Security

Updated: Monday, May 18, 2026 at 12:00 PM UTC

Executive Summary

Analysis

It’s nasty , but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments...

Source Attribution

Originally published by Schneier on Security on May 18, 2026.

Related Threats

CRITICALZero Day

‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

An old elevation-of-privilege (EoV) vulnerability affecting the Cloud Filter driver “cldflt.sys” in Windows has come back to haunt Microsoft, as researchers claim it is still exploitable six years after it was supposedly patched. The flaw, originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020, was recently picked up by Nightmare Eclipse , a researcher o

CVE-2020-17103CVE-2026-33825

3h agoCSO Online

CRITICALZero Day

Security Researchers Find 47 Zero-Days at Pwn2Own Berlin

The research community was awarded $1.3m as it found dozens of novel vulnerabilities at Pwn2Own Berlin

6h agoInfosecurity Magazine

CRITICALZero Day

Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026

The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]

10h agoBleepingComputer