Tag: Windows 11 security

  • YellowKey Bypasses Microsoft BitLocker on Windows PCs: Data and Bitcoins at Risk

    Key Takeaway

    1. Nightmare-Eclipse’s YellowKey software bypasses BitLocker encryption on Windows 11 and newer systems by exploiting code in WinRE, leaving Windows 10 unaffected.
    2. The hack allows unauthorized access by booting into Windows Recovery Environment and executing the YellowKey files, which unlocks all affected drives.
    3. Users should immediately secure valuable data with additional encryption tools like VeraCrypt or 7-Zip, as no official fix from Microsoft is currently available.

    Security Concerns Rise Over New BitLocker Bypass Malware

    Nightmare-Eclipse has released a tool called YellowKey that can bypass the protection on affected BitLocker-encrypted disks without the user entering any password. The exploit takes advantage of leftover code in the WinRE environment to disable BitLocker while the system is in recovery mode. The vulnerability mainly affects Windows 11 and Windows Server 2022 & 2025, but does not impact Windows 10 because of differences in how WinRE functions there.

    Protection Strategies for Sensitive Data

    If you keep valuable assets such as cryptocurrency wallets, passwords, or personal information on a Windows 11 machine, it is a good idea to stop relying on BitLocker immediately and move that data to another secured location. You could use encryption tools such as 7-Zip with AES-256 encryption or VeraCrypt, which offers multiple encryption algorithms for added security.

    How the Hack is Executed

    Once the YellowKey files are stored on a USB stick or copied directly into the EFI partition of an affected drive, an attacker launches the attack by booting into the Windows Recovery Environment using a specific key combination. This immediately unlocks all sensitive drives, granting the attacker free access. What makes it dangerous is that the attack activates a test mode in WinRE that automatically unlocks BitLocker-encrypted drives, and it can set a FailRelock flag to prevent them from re-locking, giving the attacker full command-line access.

    Windows 10 Safe From This Flaw?

    This security flaw does not appear to affect Windows 10’s WinRE environment, though other recent versions of Windows might be vulnerable. Nonetheless, Microsoft has NOT yet issued any security patch for this problem. Users need to manually verify whether their drives are using BitLocker, and organizations should consider all data on affected systems fully exposed until a fix is released.
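    A defensive inventory script to support that manual check, added here as an example and not part of the original article or the YellowKey tool: it lists every BitLocker volume with its protection state and key protector types, records whether WinRE is enabled (the environment the article says the attack boots into), and flags protected volumes on an OS in the reported affected family. It assumes an elevated PowerShell session with the BitLocker module and reagentc.exe available; the build-number boundaries used to separate Windows 10 from Windows 11 / Server 2022+ are this example's own assumption.

```powershell
# Added defensive audit example (not from the article). Assumes an elevated
# PowerShell session on Windows with the BitLocker module and reagentc.exe.
# Build-number boundaries are this example's assumption: Windows 10 builds end
# at 19045, Windows Server 2022 is 20348, Windows 11 starts at 22000.

function Get-OsExposureClass {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    if ($build -ge 20348) { $class = 'In reported affected family (Windows 11 / Server 2022+)' }
    else                  { $class = 'Not in reported affected list (Windows 10 or older)' }
    [pscustomobject]@{ Caption = $os.Caption; Build = $build; Class = $class }
}

function Get-WinReStatus {
    # reagentc prints a line such as "Windows RE status:  Enabled"
    $info = & reagentc.exe /info 2>&1 | Out-String
    if ($info -match 'Windows RE status:\s+(\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Get-BitLockerExposureReport {
    $os    = Get-OsExposureClass
    $winre = Get-WinReStatus
    Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            Protectors       = ($_.KeyProtector.KeyProtectorType -join ',')
            WinRE            = $winre
            OsBuild          = $os.Build
            OsClass          = $os.Class
            # Per the article: data on a BitLocker-protected volume of an OS in the
            # affected family should be treated as exposed until a fix ships.
            TreatAsExposed   = ($_.ProtectionStatus -eq 'On' -and $os.Class -like 'In reported*')
        }
    }
}

Get-BitLockerExposureReport | Format-Table -AutoSize
```

Run it on each machine you manage and keep the output as your inventory of volumes to re-key or migrate once Microsoft releases a fix.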

    Sources