Zero-Day Exploit Against Windows BitLocker

Zero-Day Exploit Against Windows BitLocker

It’s nasty , but it requires physical access to the computer:

> The exploit, named YellowKey, was > published > earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments.

Slashdot thread . And here’s Nightmare-Eclipse’s GitHub account.

Tags: BitLocker , exploits , Windows , zero-day

Posted on May 18, 2026 at 7:08 AM • 13 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.