Close Menu
AI News TodayAI News Today

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    These are the first Nvidia RTX Spark laptops

    Escaping the Valley of Choice in BI

    Strava declares war on scrapers ahead of IPO

    Facebook X (Twitter) Instagram
    • About Us
    • Contact Us
    Facebook X (Twitter) Instagram Pinterest Vimeo
    AI News TodayAI News Today
    • Home
    • Shop
    • AI News
    • AI Reviews
    • AI Tools
    • AI Tutorials
    • Chatbots
    • Free AI Tools
    AI News TodayAI News Today
    Home»Chatbots»Zero-day exploit completely defeats default Windows 11 BitLocker protections
    Chatbots

    Zero-day exploit completely defeats default Windows 11 BitLocker protections

    By No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Zero-day exploit completely defeats default Windows 11 BitLocker protections
    Share
    Facebook Twitter LinkedIn Pinterest Email

    A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.

    The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments.

    When one disk volume manipulates another

    The core of the YellowKey exploit is a custom-made FsTx folder. Online documentation of this folder is hard to find. As explained later, the directory associated with the file fstx.dll appears to involve what Microsoft calls the transactional NTFS, which allows developers to have “transactional atomicity” for file operations in transactions with a single file, multiple files, or ones that span multiple sources.

    The steps for carrying out the bypass are simple:

    1. Copy the custom FsTx folder from the Nightmare-Eclipse exploit page to an NTFS- or FAT-formatted USB drive
    2. Connect the USB drive to the BitLocker-protected device
    3. Boot up the device and immediately press and hold down the [Ctrl] key
    4. Enter Windows recovery

    There are at least two ways to accomplish the third step. One way is to boot into Windows, hold down the [Shift] key, click on the power icon, and click restart. Another is to power on the device and restart it as soon as Windows starts booting.

    In either case, a command (CMD.EXE) prompt appears. The prompt has full access to the entire drive contents, allowing an attacker to copy, modify, or delete them. In a normal Windows Recovery flow, the attacker would need to enter a BitLocker recovery key. Somehow, the YellowKey exploit bypasses this safeguard. Multiple researchers, including Kevin Beaumont and Will Dormann, have confirmed the exploit works as described here.

    It’s unclear what in the custom FsTx folder causes the bypass. Dormann said that it appears to be related to Transactional NTFS, which itself uses command-log file system under the hood. Dormann further noted that by looking at the Windows fstx.dll, one will see code that explicitly looks for System Volume InformationFsTx in the FsTxFindSessions() function.”

    BitLocker completely default defeats exploit protections Windows zeroday
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleOver a year later, AMD is bringing improved FSR 4 upscaling to its older GPUs
    Next Article Musk v. Altman closing arguments
    • Website

    Related Posts

    Chatbots

    Strava declares war on scrapers ahead of IPO

    Chatbots

    An OpenAI model solved a famous math problem that stumped humans for 80 years

    Chatbots

    Unastella, a South Korean rocket startup that launched from home, raises $24M

    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    These are the first Nvidia RTX Spark laptops

    3 Views

    Escaping the Valley of Choice in BI

    0 Views

    Strava declares war on scrapers ahead of IPO

    1 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    AI Tutorials

    Quantization from the ground up

    AI Tools

    David Sacks is done as AI czar — here’s what he’s doing instead

    AI Reviews

    Judge sides with Anthropic to temporarily block the Pentagon’s ban

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    These are the first Nvidia RTX Spark laptops

    3 Views

    Escaping the Valley of Choice in BI

    0 Views

    Strava declares war on scrapers ahead of IPO

    1 Views
    Our Picks

    Quantization from the ground up

    David Sacks is done as AI czar — here’s what he’s doing instead

    Judge sides with Anthropic to temporarily block the Pentagon’s ban

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Contact Us
    • Terms & Conditions
    • Privacy Policy
    • Disclaimer

    © 2026 ainewstoday.co. All rights reserved. Designed by DD.

    Type above and press Enter to search. Press Esc to cancel.