Category: Software

  • Ayaneo Unveils Konkr Pocket Block AI Handheld

    Key Takeaway

    – Ayaneo officially unveils the Konkr Pocket Block, billed as the world’s first AI handheld, with a compact, retro-cyber design and lightweight form factor.
    – The device runs Android with Ayaneo’s custom UI and is expected to include Ayaneo’s new emulator, though specific AI features are not yet revealed.
    – It features a touch display, stereo speakers, an audio jack, and shoulder buttons, and will be showcased alongside existing Pocket Vert and Pocket DMG models for size comparison.


    Ayaneo has officially revealed the Konkr Pocket Block, a vertical handheld that the company touts as the world’s first AI handheld. After a prior leak, the launch happened during a product sharing session, Ayaneo’s first in several months. No technical specs were disclosed in detail, but two color options were showcased, and the design is described as a fusion of retro aesthetics with a cyber-inspired design language.

    Design and size

    In style, the Konkr Pocket Block is pitched as lightweight and compact. A still image from the sharing session indicates it sits noticeably smaller than the Pocket Vert and the Pocket DMG vertical handhelds, with a comparison to several devices shown in a YouTube video. The overall impression is that it could easily fit into a pocket, reminiscent of the TrimUI Brick in terms of portability.

    AI features and expectations

    On the AI front, Ayaneo states in a press release that the Konkr Pocket Block will “deliver a smarter and more immersive gaming experience while staying true to the essence of portable gaming.” Even though CEO Arthur Zhang demonstrated a working unit during the event, the specifics of the AI features remained undisclosed here, leaving enthusiasts curious about what intelligence actually powers the handheld.

    Hardware, software, and availability

    The Konkr Pocket Block includes a touch display, stereo speakers, an audio jack, and shoulder buttons. It is set to run Android out of the box and will feature Ayaneo’s custom UI. It’s also anticipated to include Ayaneo’s new emulator, which debuted on the Pocket Air Mini Arcade Home Limited Edition. While no official price was announced at launch, the device is expected to be affordable as it’s released under the Konkr brand.

  • Denuvo Added to 007 First Light 6 Days Before Launch Date

    Key Takeaway

    – Publishers are increasingly adding Denuvo DRM closer to game launches, provoking backlash from players and concerns about accessibility and performance.
    – Player responses are mixed to negative, with pre-orders at risk of cancellation, and warnings about intrusive authentication and potential impact on frame rates.
    – Public demand includes clearer DRM disclosures and more transparency from publishers/Valve, amid worries about long-term accessibility and the effectiveness of anti-piracy measures.


    Overview

    In a growing trend, publishers continue to add Denuvo DRM to Steam games closer to launch. IO Interactive’s upcoming James Bond thriller is the latest example. Just 6 days before the 007 First Light release date, the disclaimer is now visible on Valve’s marketplace.

    DRM and Industry Reaction

    Irdeto’s DRM remains a popular way to curb piracy, even though the hypervisor bypass overcomes the protection. Other recent Denuvo games include Lego Batman: Legacy of the Dark Knight. Its fans learned of its existence about 2 weeks ahead of its debut. Crimson Desert players had less warning in March, prompting outrage. Critics and gamers alike express mixed feelings about the approach, with some citing potential long-term accessibility issues and intrusive server checks on PCs.

    Public Sentiment

    Not surprisingly, gamers are not welcoming the news on Reddit and Steam forums. Buyers have threatened to cancel 007 First Light pre-orders, which began in September 2025. Critics have concerns about the game’s long-term accessibility and intrusive server authentication on PCs. Some posts reflect frustration with the timing and perceived transparency, while others emphasize ongoing skepticism about DRM effectiveness.

    Performance and Requirements

    Another worry is that Denuvo will impact performance. Its effects vary, but marginal differences were detected in Resident Evil Requiem. IO Interactive’s project already drew skepticism when it listed its memory-hungry system requirements. However, after a two-month release date delay, previews highlight optimized visuals. The balance between protection and playability remains a central topic of discussion among players and reviewers alike.

    Community Responses

    Even if frame rates are stable, some James Bond fans are allocating their money elsewhere. Posts in the Steam game’s forum condemn the late confirmation of the anti-piracy tactic. Redditors are also upset, with etakarine canceling a 007 First Light pre-order, calling the move “scummy behavior.” These reactions showcase a broader debate about DRM ethics and consumer choice, with many urging clearer communication from publishers.

    Calls for Transparency

    One request is for Valve to require publishers to include Denuvo disclaimers before accepting orders. There have been similar complaints about generative AI-related notifications. In several instances, the presence of machine-generated assets wasn’t known until after launches. The call for upfront notices aligns with a wider demand for honesty in how games are marketed and protected on launch day.

    Outlook

    Some observers question why companies are still embracing the DRM. By the 007 First Light release date, it’s possible pirates will crack the title. The hypervisor bypass requires disabling certain Windows security settings, limiting its appeal. On the other hand, recent arrivals like Pragmata have seen the protection cracked without needing the workaround. The ongoing tension between anti-piracy measures and user experience remains unresolved as the release nears.

     


  • Forza Horizon 6: Popular Mod, But Installation Fails

    Key Takeaway

    – Spotify Radio mod for FH6 streams Spotify through the in-game Streamer Mode station, displaying live metadata on HUD and functioning like a native radio station.
    – Requires Spotify Premium and uses Spotify Connect to integrate with the game’s radio.
    – The mod has been quarantined on Nexus Mods due to a DLL that tweaks game launch, leading to blocked downloads until safety review is completed.


    Overview

    It’s only been two days since the general global launch of Forza Horizon 6, and the game has smashed multiple records for Microsoft. The latest instalment in the long-running franchise is seeing massive concurrent player peaks with an active community around it. That includes the modding community, and among many interesting mods is one that makes the game even more fun. There must be some buzz around it that keeps players talking and exploring new tweaks, even with some risks involved.

    Spotify Radio Mod

    The mod in question is Spotify Radio by BigJohn0. It’s exactly as it sounds, and those who use Spotify for their music can integrate it into Forza Horizon 6’s radio. It uses Spotify Connect to stream music through the Streamer Mode station. With the mod installed, Spotify interprets your PC as “FH6 Radio,” which sends music to the in-game Streamer Mode station. This linkage creates a novel way to customize in-game audio using familiar music accounts, which fans find particularly appealing for long play sessions.

    HUD and Native Feel

    What’s even cooler is that the game shows live titles and artist metadata on the HUD. On top of that, because it’s integrated into the game’s radio station, it behaves like a native radio station with volume controls, menu fades, and more. It should be noted that you do need Spotify Premium for this to work. The experience tries to mimic a seamless radio experience, while pulling real-time data from Spotify, which adds a layer of immersion that some players find very appealing despite the setup steps required.

    Limitations and Safety

    But the massive downer: you can’t install it. The mod has been quarantined on Nexus Mods because it uses a ‘.dll’ file that tweaks the game’s launch, which is how some malware attacks happen. Therefore, Nexus Mods has blocked downloads for the general public. The platform will review the file, and if it is deemed to be safe, the files will be available once again. Till then, you’ll have to stick with the in-game radio stations. This kind of risk and security concern is not unusual with powerful mods that touch core game behavior, so players weigh convenience against potential safety issues.

    BigJohn0 on Nexus Mods, Steamdb


  • Zerowriter Fold: Modern e-ink Typewriter with 100-Hour Battery

    Key Takeaway

    – Focused writing device: minimizes distractions by prioritizing long-form writing on a 6″ e-ink foldable screen with up to 100 hours of battery life.
    – Customizable typing experience: replaceable low-profile keyboard switches and USB keyboard compatibility to tailor feel and workflow.
    – Practical features for writers: SD card storage, QR code export to smartphones, bookmarks, and configurable text types/sizes.


    Overview of the Zerowriter Fold

    The Zerowriter Fold is presented as a modern typewriter aimed at people who want to write longer texts with minimal distractions. It emphasizes focus over multitasking, positioning itself as a device that reduces the pull of a computer or laptop. The description keeps a casual, somewhat promotional tone, and notes that the appeal lies partly in its simplicity and dedicated writing experience.

    Display and form factor

    Unlike many devices that rely on bright LCDs, this gadget uses an e-ink panel. The display size is listed as 6 inches diagonally, and the screen is part of a foldable design, which supposedly adds portability and protection when folded. Power efficiency is highlighted as a benefit of e-ink, with the expectation that it helps with longer writing sessions without frequent recharges.

    Hardware and connectivity

    The Zerowriter Fold includes a low-profile keyboard with switches that can be swapped out, offering a way to customize the typing feel. It can function as a USB keyboard, and it supports saving texts to an SD card. There’s also a feature to export text to a smartphone via a QR code, suggesting an integrated ecosystem for moving content between devices.

    Software features and navigation

    Configuration options cover text types and sizes, among other things, and bookmarks are supported to aid navigation through longer documents. The combination of adjustable settings and bookmarking hints at a system designed for lengthy writing projects rather than quick notes.

    Pricing and timeline

    As part of a crowdfunding campaign, the current price starts at roughly 239 dollars. Buyers should be aware of the financial risks common to crowdfunding. Shipping costs are added on top, and delivery is not scheduled until January 2027, indicating a long lead time before product availability.

    Manufacturing and campaign notes

    The text notes that this is a crowdfunding effort, which implies potential buyers may face uncertainties associated with product development, manufacturing delays, and fulfillment timelines. The folding design and focus on a distraction-free writing experience are highlighted as core selling points, while the overall package remains focused on writing rather than general computing tasks.

  • Disco Elysium Studio’s Second Game Launches, Sparks Steam Controversy

    Key Takeaway

    – The game released on Windows via Steam for $39.99, with a PS5 version planned later this year; Xbox Series X and Nintendo Switch 2 versions are not planned.
    – Early reception is mixed: about 2,300 concurrent Steam players and a Metascore of 83, below Disco Elysium’s 91, with 111 Steam reviews currently labeled “balanced.”
    – Controversy surrounding the developer studio (ZA/UM) and a hostile takeover in 2021–2022 is a major factor in the negative sentiment toward the game, not necessarily the game itself.
    – The game closely echoes Disco Elysium in art style, perspective, and emphasis on dialogue, creative problem-solving, and the main character’s psyche over combat.


    Zero Parades: For Dead Spies was released today for Windows PCs, and can be purchased on Steam for $39.99. A version for Sony PlayStation 5 will follow later this year; versions for Xbox Series X and Nintendo Switch 2 are currently not planned.

    Overview Snapshot

    As a look at SteamDB shows, the game already has over 2,300 players playing the title at the same time. That’s pretty good for an indie adventure, even if the record of 8,081 players set by Disco Elysium is a long way off. In general, Zero Parades: For Dead Spies is not yet as well received as ZA/UM’s first game, as the Metascore of 83 out of a possible 100 points shows – Disco Elysium scored 91 points.

    Reception and Controversy

    Even more shocking: the 111 Steam reviews are currently “balanced” – not a result that developers would want for a new game. However, the negative reviews are largely not due to the game itself, but to a controversy involving the developer studio. The investors at ZA/UM forced the minds behind Disco Elysium out of the company in 2021 and 2022.

    Despite the hostile takeover of the studio, Zero Parades: For Dead Spies is inevitably reminiscent of Disco Elysium due to its unusual graphic style and isometric perspective. There are also overlaps in the gameplay, as the single-player role-playing game places more emphasis on dialog and creative solutions than on combat, while the psyche of the main character once again plays a central role.

  • Red Hat Enterprise Linux 10.2 & 9.8: Core Management Enhancements

    Key Takeaway

    – AI-assisted CLI enhancements (gooes) paired with enhanced color output to accelerate access to insights and commands without manual lookups.
    – Updated developer toolchains and runtimes (LLVM Toolset 21, Go 1.26 with Green Tea and HPKE, Rust 1.92, Python 3.14, Ruby 4.0, PHP 8.4, OpenJDK 25, PostgreSQL 18, MariaDB 11.8 with VECTOR).
    – Streamlined deployment and management via bootable container image mode, plus an improved image builder and upgraded system role for automation.
    – End-to-end cryptographic integrity with Red Hat Certificate System 11.0 (NIST/FIPS 204 quantum-resistant), including zero-touch provisioning for automatic certificate issuance.
    – AI-guided migration and upgrade processes (single-command Leapp upgrade; AI-assisted Ansible Automation Platform-guided approach).


    Intro and Snapshot

    According to the official blog post regarding their release (see the Source link below the last paragraph), Red Hat Enterprise Linux 10.2 and 9.8, which became available yesterday, “enhance the core strengths of RHEL to help IT leaders, developers, and administrators accelerate time-to-market, simplify hybrid cloud management, and proactively defend against advanced threats, including quantum computing risks.” Unsurprisingly, both use AI assistance alongside a set of old-school tools.

    AI and CLI Fusion

    What makes RHEL 10.2 and 9.8 stand out when it comes to AI is that these two updates combine the power of AI with the command-line interface. While using enhanced color output support, the RHEL command-line now features gooes, an AI assistant that provides quick access to insights and commands, thus eliminating the need to check the manual or go online for information.

    Developer Toolchains

    Developers get LLVM Toolset 21 (sporting the ThinLTO backend), Go Toolset 1.26 (featuring the new Green Tea garbage collector and HPKE support), Rust Toolset 1.92, Python 3.14, Ruby 4.0 (offering the new ZJIT compiler), PHP 8.4, OpenJDK 25, PostgreSQL 18, and MariaDB 11.8 (with the new VECTOR data type).

    Deployment and Management Enhancements

    OS deployment and management are now easier with bootable container image mode. Additionally, RHEL includes an enhanced image builder command and an upgraded system role, both leading to reduced manual intervention and improved automated tasks.

    Security and Certifications

    While offering end-to-end cryptographic integrity protection, RHEL now comes alongside the Red Hat Certificate System 11.0, which meets the emerging NIST standards (FIPS 204) for quantum-resistant algorithms. Since certificate lifespans are decreasing due to the emerging quantum threats, the new system introduced by Red Hat includes zero-touch provisioning, which automates certificate issuance and uses a secure, one-time password system.

    Migration, Upgrade, and AI

    When talking about migration and upgrade paths, AI surfaces once again. While Leapp comes with a single command for converting and upgrading to a newer major version simultaneously, delegating the upgrade process to the most appropriate teams is done using an Ansible Automation Platform-powered, AI-guided approach.

     

  • VS Code supply chain attack hits GitHub, OpenAI, Mistral AI

    Key Takeaway

    – Attack exploited developer tooling and supply chain: a poisoned VS Code extension and compromised packages allowed credential theft and broad access without breaching perimeters.
    – Rapid, worm-like propagation: from TanStack package compromise to an Nx Console build, then wider exfiltration across CI/CD pipelines, affecting thousands of repos in minutes.
    – High-severity, cross-vendor impact: targets included GitHub, OpenAI, and Mistral AI, with stolen credentials and internal code assets; some customer data exposure remains a possibility if further impact is discovered.


    News Brief: Supply Chain Attack Targets Developer Tools

    GitHub confirmed today that the breach of roughly 3,800 internal repositories traces back to a poisoned version of the Nx Console VS Code extension, itself a casualty of the TanStack npm supply chain attack. The campaign, attributed to threat actor group TeamPCP and codenamed Mini Shai-Hulud, has now claimed GitHub, OpenAI, and Mistral AI as confirmed victims, with developer credentials and internal source code the primary targets across all three.

    Attack Timeline and Initial Breach

    The attack began on May 11, 2026, when TeamPCP compromised TanStack’s entire router ecosystem, spreading a worm-like payload across 170 npm packages and two PyPI packages in a single coordinated campaign. CVE-2026-45321 carries a CVSS score of 9.6. From there, the compromise reached an Nx Console developer’s device, which TeamPCP used to push a malicious build of Nx Console 18.95.0 to the Visual Studio Marketplace.

    Extension Takedown and Credential Theft

    The trojanized extension was live for exactly 18 minutes, between 12:30 pm and 12:48 pm UTC on May 18, 2026. That window was enough. The extension ran silently on startup, executing a shell command disguised as a routine MCP setup task that downloaded a hidden package from a planted commit on the official Nx GitHub repository. The credential stealer it deployed targeted 1Password vaults, Anthropic Claude code configurations, npm tokens, GitHub tokens, and AWS credentials on any developer machine that installed it during the window.
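
A defender-side inventory check for the build named above, as an added example that is not part of the original article or of any vendor guidance. It assumes Nx Console's Marketplace identifier is `nrwl.angular-console` (the article does not give it) and that extensions live under the default per-user VS Code directories; the version number comes from the article.

```powershell
# Added example: look for the Nx Console build named in the article among
# locally installed VS Code extensions. Read-only; changes nothing on disk.
$FlaggedId      = 'nrwl.angular-console'   # assumption: Nx Console's Marketplace id
$FlaggedVersion = '18.95.0'                # version stated in the article

function Get-NxConsoleInstall {
    # Default per-user extension roots for VS Code, Insiders and remote servers.
    $roots = '.vscode', '.vscode-insiders', '.vscode-server' |
        ForEach-Object { Join-Path $HOME (Join-Path $_ 'extensions') } |
        Where-Object { Test-Path -LiteralPath $_ }

    foreach ($root in $roots) {
        foreach ($dir in Get-ChildItem -LiteralPath $root -Directory) {
            $manifest = Join-Path $dir.FullName 'package.json'
            if (-not (Test-Path -LiteralPath $manifest)) { continue }

            # Trust the manifest rather than the folder name, which can be renamed.
            try   { $pkg = Get-Content -LiteralPath $manifest -Raw | ConvertFrom-Json }
            catch { continue }   # unreadable or malformed manifest: skip it

            $id = ('{0}.{1}' -f $pkg.publisher, $pkg.name).ToLowerInvariant()
            if ($id -ne $FlaggedId) { continue }

            [pscustomobject]@{
                Path         = $dir.FullName
                Version      = $pkg.version
                Flagged      = ($pkg.version -eq $FlaggedVersion)
                InstalledUtc = $dir.CreationTimeUtc   # compare with the 18-minute window
            }
        }
    }
}

$hits = @(Get-NxConsoleInstall)
if ($hits.Count -eq 0) {
    'No Nx Console install found under the default extension directories.'
} else {
    $hits | Sort-Object -Property Flagged -Descending | Format-Table -AutoSize
}
```

An empty result only describes the machine as it is now: VS Code deletes older extension folders after an update, so a host that ran the flagged build during the window may no longer show it.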

    Victim Impacts and Responses

    A GitHub employee installed the extension. TeamPCP used the harvested credentials to move through CI/CD pipelines and exfiltrate approximately 3,800 internal repositories. GitHub CISO Alexis Wales confirmed the company has “no evidence of impact to customer information stored outside of GitHub’s internal repositories,” though Wales acknowledged that some internal repos contain excerpts of customer support interactions and committed to notifying customers if any impact is discovered.

    OpenAI and Mistral AI Findings

    OpenAI confirmed two employee devices were compromised, with limited credential material exfiltrated from a subset of internal source code repositories. The company engaged a third-party digital forensics and incident response firm and is revoking its macOS app signing certificate in full on June 12, 2026. Mistral AI confirmed its npm and PyPI SDKs were trojaned as part of the same campaign, with TeamPCP advertising Mistral AI code repositories for sale on a cybercrime forum.

    Common Theme and Expert Insight

    The common factor among all victims is developer tooling. The attack never needed to breach a perimeter. It entered through packages and extensions that developers routinely install, then harvested the credentials those developers use to access everything else. OpenAI framed the implication directly: “This incident reflects a broader shift in the threat landscape — attackers are increasingly targeting shared software dependencies and development tooling rather than any single company.”

    Broader Context and Ongoing Coverage

    The breach lands as Microsoft is simultaneously dealing with its own unpatched vulnerability.

  • Smartphone with Extremely Long Battery Life: Our Surprising Review

    Key Takeaway

    – Excellent long-running battery: about 23 hours in Wi‑Fi use despite a smaller 7,500 mAh battery, outperforming many peers.
    – Strong real-world efficiency: effective processor and energy management deliver sustained performance for daily use with minimal charging needs.
    – Thermal throttling under load: noticeable heating and reduced performance during prolonged high-load tasks, limiting gains in demanding scenarios.


    Overview and Battery Life Remark

    The OnePlus Nord 6 impresses in the long-term test with a remarkable battery life of over 23 hours in Wi-Fi mode, although a smaller 7,500 mAh battery was installed compared to the Chinese version. This is a real surprise and clearly sets the device apart from many of its competitors. Different markets get different battery capacities, yet the endurance remains notably strong, suggesting smart power management and a balanced hardware approach to keep the running time solid across typical usage scenarios.

    European Variant Battery Specs

    The European model of the OnePlus Nord 6 has a 7,500 mAh battery, which is a significant reduction compared to its Chinese counterpart (OnePlus Turbo 6) with 9,000 mAh. Nevertheless, the device achieved a runtime of exactly 23 hours and 7 minutes in the WLAN web surfing test. This shows that efficiency plays a key role alongside raw capacity, allowing the phone to punch above its weight in daily tasks and light browsing sessions despite the smaller cell.

    Comparative Performance

    This is not only impressive in itself, but also significantly outperforms similarly priced models, such as the Nothing Phone (4a) with 5,080 mAh, which only achieves 18 hours. The Nord 6 thus demonstrates that a longer endurance isn’t just a factor of bigger batteries but also how well the system uses power during operation, keeping screens bright and processors busy without draining too fast.

    Thermal and Throttling Observations

    However, a serious weakness becomes apparent during longer load tests: The casing heats up considerably under high load, which we classify as problematic in the test. After a few minutes of intensive use, the system noticeably throttles the performance to prevent overheating. This thermal behavior can limit sustained performance in games or heavy multitasking, potentially affecting user experience in demanding sessions.

    Everyday Usability and Real-World Use

    In an everyday scenario, where a user runs video streams in high resolution for several hours or plays demanding games, this could lead to a noticeable drop in performance. For the typical user who mainly uses the smartphone for social media, messaging and occasional video streaming, the battery performance is more than sufficient. A commuter who is on the move for two hours a day can easily use the device for several days without having to reach for the charging cable. Even with intensive use, such as taking photos and editing images, the battery lasts for a full working day.

    Efficiency versus Capacity

    The combination of an efficient processor and good energy management ensures that the theoretical values are actually noticeable in everyday use. The OnePlus Nord 6 proves that an outstanding runtime is also possible with a reduced battery. The 23 hours in the Wi-Fi test are a strong argument for anyone who values long operating times.

    Bottom Line and Practical Takeaway

    However, you should be aware of the thermal limits, which can lead to performance losses in intensive applications. For the average user, however, the device is an excellent choice that offers a good balance between energy efficiency and performance. We explain what other aspects make the OnePlus Nord 6 a good choice in our eyes in our detailed test.

     

    • RPG Maker Returns with HD-2D Style Like Octopath Traveler

      Key Takeaway

      – RPG Maker U2U introduces “Perspective 2D” to add 3D depth to 2D maps, aiming to support HD-2D aesthetics without demanding expert knowledge.
      – The title is built on Unity, promising rich visual effects while preserving RPG Maker’s signature accessibility and compatibility with existing 2D assets.
      – The release is seen as a potential catalyst for a broader HD-2D indie renaissance, extending RPG Maker’s impact beyond Square Enix-published titles; no date announced yet.


      RPG Maker U2U Announced After Steam Tag Change

      Within days of Valve’s controversial decision to remove the “RPG Maker” tag from Steam, series developers Kadokawa Games have announced RPG Maker U2U, the first PC title since RPG Maker MZ released in 2020, arriving two years after RPG Maker With released for PlayStation consoles and Nintendo Switch in 2024. It’s been a long-overdue return for the RPG Maker series, which has alternated releases between PC and consoles since 1988 and enabled the creation of many a historic indie RPG, including Lisa: The Painful, OFF, Yume Nikki, Omori, and many more.

      Industry Context and Ambitions

      While the rise of Unity and Unreal Engine in recent years has taken up most of the attention regarding indie game development efforts, RPG Maker’s long-running status and flexibility to produce generational hits like the games listed above is remarkable. The series earned its OG status among prospective game developers and hobbyists alike, and the latest entry seems aimed at lowering the barrier to the creation of titles blending 3D graphics with 2D sensibilities, i.e. the “HD-2D” craze sparked by Square Enix’s Octopath Traveler in 2018 and to a lesser extent, games like 3D Dot Game Heroes in 2009.

      What’s New: Perspective 2D

      The key new RPG Maker U2U feature is called “Perspective 2D,” and it allows the addition of 3D depth and modern graphical effects to conventional 2D maps. The announcement touts a wealth of creation tools with “no specialized knowledge required,” maintaining the ease of use RPG Maker is known for as well as compatibility with 2D assets made for previous versions of the game.

      Tech Foundation and Potential Impact

      RPG Maker U2U is also built atop the Unity Engine, which is stated to power the “rich sense of depth and beautiful effects.” While the effects shown in the trailer aren’t as flashy as what we’ve come to expect from modern HD 2D titles, U2U being built atop Unity should allow for some truly high-quality effects to be built into games utilizing the engine. For independent developers, this release may just spark a wider renaissance in HD 2D games beyond titles produced by Square Enix. Sadly, no release date has yet been confirmed, but the trailer and previous release cadence of the series point toward a release this year or next.

      Gematsu (announcement), PCGamer (Steam’s removal of the RPG Maker tag, praised by some fans & devs and hated by others)

    • Microsoft mitigates YellowKey BitLocker bypass, patch pending

      Key Takeaway

      – Do not rely on this as a patch; apply the interim mitigation now and monitor for a full security update.
      – Disable autofstx.exe in WinRE by mounting the WinRE image, loading the system registry hive, and removing autofstx.exe from BootExecute; also consider TPM+PIN for high-risk devices.
      – Affected: Windows 11 24H2/25H2/26H1 (x64) and Windows Server 2025/Server Core; Windows 10 is not affected; Windows Server 2022 may be affected under certain conditions.


      Overview of the Mitigation Guidance for YellowKey

      Microsoft has rolled out mitigation guidance for YellowKey, the publicly disclosed BitLocker bypass now tracked as CVE-2026-45585, after a working proof of concept was published without coordinated disclosure. No full security update is available yet. The company confirmed it is working on a permanent fix and is urging administrators across affected Windows versions to apply the interim steps immediately.

      Exploit Details and Immediate Risk

      The exploit operates by deleting winpeshl.ini via Transactional NTFS (TxF), which prompts the WinRE recovery environment to spawn an unrestricted shell instead of loading the standard recovery interface. From there, an attacker with physical access gains full, unencrypted visibility into the drive’s contents, requiring no credentials, software installation, or network connection.

      Microsoft’s Interim Mitigation Steps

      Microsoft’s mitigation addresses the issue by disabling autofstx.exe, the FsTx Auto Recovery Utility, within the WinRE image. Administrators must mount the WinRE image on each affected device, load the system registry hive, and remove the autofstx.exe entry from the Session Manager’s BootExecute value. Microsoft also recommends moving high-risk devices from TPM-only BitLocker to TPM+PIN mode, which makes physical exploitation much more difficult.
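
The three steps described above (mount the WinRE image, load its SYSTEM hive, remove the autofstx.exe entry from BootExecute), written out as an added example; this is not Microsoft's published script and is not part of the original article. It assumes `reagentc /disable` stages the image at `%SystemRoot%\System32\Recovery\Winre.wim`, that the entry can be matched on the string `autofstx`, and it uses a hypothetical scratch directory and hive name.

```powershell
#Requires -RunAsAdministrator
# Added example: remove the autofstx.exe entry from BootExecute inside the
# offline WinRE image. $MountDir and $HiveName are hypothetical names.
$ErrorActionPreference = 'Stop'

$WinReWim = Join-Path $env:SystemRoot 'System32\Recovery\Winre.wim'
$MountDir = 'C:\WinREMount'      # assumed scratch directory
$HiveName = 'WinRE_SYSTEM'       # assumed temporary hive name under HKLM
$Pattern  = 'autofstx'           # entry named in the mitigation guidance

# Disabling WinRE moves winre.wim out of the recovery partition so it can be serviced.
reagentc.exe /disable | Out-Null
if (-not (Test-Path -LiteralPath $WinReWim)) {
    throw "WinRE image not found at $WinReWim; locate it with 'reagentc /info'."
}

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $WinReWim -Index 1 -Path $MountDir | Out-Null

$changed = $false
$before  = @()
$after   = @()
try {
    # Load the image's SYSTEM hive under a temporary name in HKLM.
    reg.exe load "HKLM\$HiveName" "$MountDir\Windows\System32\config\SYSTEM" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'reg load failed for the WinRE SYSTEM hive.' }
    try {
        # Offline hives have no CurrentControlSet; Select\Default names the active set.
        $default = (Get-ItemProperty -LiteralPath "HKLM:\$HiveName\Select").Default
        $key     = 'HKLM:\{0}\ControlSet{1:D3}\Control\Session Manager' -f $HiveName, $default

        $before = @((Get-ItemProperty -LiteralPath $key -Name BootExecute).BootExecute)
        $after  = @($before | Where-Object { $_ -notmatch [regex]::Escape($Pattern) })

        if ($after.Count -ne $before.Count) {
            # BootExecute is REG_MULTI_SZ; write back every entry except the match.
            Set-ItemProperty -LiteralPath $key -Name BootExecute `
                -Value ([string[]]$after) -Type MultiString
            $changed = $true
        }
    }
    finally {
        # Release provider handles, otherwise 'reg unload' reports access denied.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        reg.exe unload "HKLM\$HiveName" | Out-Null
    }
}
finally {
    # Commit only when the value was changed; always re-register WinRE afterwards.
    if ($changed) { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    else          { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
    reagentc.exe /enable | Out-Null
}

[pscustomobject]@{
    Changed = $changed
    Before  = $before -join ' | '
    After   = $after  -join ' | '
}
```

Running it a second time should report `Changed = False` with identical `Before` and `After` values, which doubles as a verification pass for fleet reporting.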

      Workaround vs Patch Status

      This is a workaround, not a patch. Microsoft has not confirmed when a full update will arrive. Until it does, any machine running an affected Windows version with a USB port and the ability to reboot into recovery mode is a viable target for anyone holding the publicly available exploit code.

      Hazard Scoring and Affected Platforms

      CVE-2026-45585 carries a CVSS score of 6.8 and requires physical access, but Microsoft rates exploitation as “More Likely” given that the proof of concept is already public. Microsoft’s advisory focuses on Windows 11 24H2, 25H2, and 26H1 on x64 systems, along with Windows Server 2025 and Windows Server 2025 Server Core. Windows 10 does not experience issues because of differences in its WinRE configuration. Public technical analyses also flag Windows Server 2022 as potentially vulnerable under specific deployment conditions via the same WinRE recovery path flaw, though Microsoft has not yet addressed it formally in its advisory.

      Developer and Researcher Context

      The researcher behind the exploit, known as Nightmare-Eclipse, released it publicly before Microsoft had issued any guidance. Microsoft called the incident a violation of coordinated vulnerability disclosure practices.
