Vulnerability-Lookup

CVE-2026-45585 (GCVE-0-2026-45585)

Vulnerability from cvelistv5 – Published: 2026-05-19 23:30 – Updated: 2026-05-21 03:55

Title

Windows BitLocker Security Feature Bypass Vulnerability

Summary

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

microsoft

References

1 reference

URL	Tags
https://msrc.microsoft.com/update-guide/vulnerabi…	vendor-advisorypatch

Impacted products

5 products

Vendor	Product	Version
Microsoft	Windows 11 Version 24H2	Affected: -
Microsoft	Windows 11 Version 25H2	Affected: -
Microsoft	Windows 11 version 26H1	Affected: -
Microsoft	Windows Server 2025	Affected: -
Microsoft	Windows Server 2025 (Server Core installation)	Affected: -

Date Public ?

2026-05-19 14:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45585",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-20T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-21T03:55:18.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/Nightmare-Eclipse/YellowKey"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 24H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 Version 25H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows 11 version 26H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        },
        {
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2025 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "-"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*",
                  "versionStartIncluding": "-",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-05-19T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-20T23:28:39.886Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Windows BitLocker Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
        }
      ],
      "title": "Windows BitLocker Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-45585",
    "datePublished": "2026-05-19T23:30:26.247Z",
    "dateReserved": "2026-05-12T19:55:45.729Z",
    "dateUpdated": "2026-05-21T03:55:18.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-45585",
      "date": "2026-05-20",
      "epss": "0.00083",
      "percentile": "0.24058"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-45585\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2026-05-20T00:16:44.380\",\"lastModified\":\"2026-05-20T16:42:42.177\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"PHYSICAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"1799DC19-34BA-42B4-A6DC-02774202DE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AAAB3FDE-4FF2-47DE-9BDA-25B2855054E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"DA9F6F61-46D3-4ECD-8B5D-1484222B7364\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B12238F-DF99-4247-B645-259C3FD98F61\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\",\"Mitigation\"]},{\"url\":\"https://github.com/Nightmare-Eclipse/YellowKey\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-45585\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-20T12:48:37.964026Z\"}}}], \"references\": [{\"url\": \"https://github.com/Nightmare-Eclipse/YellowKey\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-20T12:46:25.016Z\"}}], \"cna\": {\"title\": \"Windows BitLocker Security Feature Bypass Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 24H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 Version 25H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows 11 version 26H1\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"platforms\": [\"x64-based Systems\"]}, {\"vendor\": \"Microsoft\", \"product\": \"Windows Server 2025 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2026-05-19T14:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585\", \"name\": \"Windows BitLocker Security Feature Bypass Vulnerability\", \"tags\": [\"vendor-advisory\", \"patch\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_25H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_24H2:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}, {\"criteria\": \"cpe:2.3:o:microsoft:windows_11_26H1:*:*:*:*:*:*:x64:*\", \"vulnerable\": true, \"versionStartIncluding\": \"-\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2026-05-20T23:28:39.886Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-45585\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-20T23:28:39.886Z\", \"dateReserved\": \"2026-05-12T19:55:45.729Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2026-05-19T23:30:26.247Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0622

Vulnerability from certfr_avis - Published: 2026-05-20 - Updated: 2026-05-20

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Elles permettent à un attaquant de provoquer une élévation de privilèges et un contournement de la politique de sécurité.

Microsoft indique qu'une preuve de concept est disponible publiquement pour la vulnérabilité CVE-2026-45585, aussi appelée YellowKey. À défaut de publier un correctif de sécurité, l'éditeur propose une mesure de contournement dans l'avis de sécurité associé (cf. section Documentation).

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Windows Server 2025 (Server Core installation)
Microsoft	N/A	Windows Admin Center in Azure Portal versions antérieures à 0.72.0.0.
Microsoft	N/A	Windows Server 2025
Microsoft	N/A	Windows 11 version 26H1 pour systèmes x64
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes x64
Microsoft	N/A	Windows 11 Version 25H2 pour systèmes x64

References

Title

Publication Time

FKIE_CVE-2026-45585

Vulnerability from fkie_nvd - Published: 2026-05-20 00:16 - Updated: 2026-05-20 16:42

Severity ?

6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585	Vendor Advisory, Mitigation
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/Nightmare-Eclipse/YellowKey	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	windows_11_24h2	*
microsoft	windows_11_25h2	*
microsoft	windows_11_26h1	*
microsoft	windows_server_2025	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "1799DC19-34BA-42B4-A6DC-02774202DE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_25h2:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "AAAB3FDE-4FF2-47DE-9BDA-25B2855054E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_26h1:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "DA9F6F61-46D3-4ECD-8B5D-1484222B7364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B12238F-DF99-4247-B645-259C3FD98F61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available."
    }
  ],
  "id": "CVE-2026-45585",
  "lastModified": "2026-05-20T16:42:42.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-05-20T00:16:44.380",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory",
        "Mitigation"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Nightmare-Eclipse/YellowKey"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}

GHSA-2H24-8RJH-QGJV

Vulnerability from github – Published: 2026-05-20 00:31 – Updated: 2026-05-20 15:35

Details

Severity ?

6.8 (Medium)


                  
                    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-45585"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-20T00:16:44Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as \u0026quot;YellowKey\u0026quot;. The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices.\nWe are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available.",
  "id": "GHSA-2h24-8rjh-qgjv",
  "modified": "2026-05-20T15:35:28Z",
  "published": "2026-05-20T00:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45585"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Nightmare-Eclipse/YellowKey"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-45585

Vulnerability from csaf_microsoft - Published: 2026-05-12 07:00 - Updated: 2026-05-21 07:00

Summary

Windows BitLocker Security Feature Bypass Vulnerability

Severity

Important

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.

CVE-2026-45585

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Fixed 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 12390		—
Unresolved product id: 12436		—
Unresolved product id: 12437		—
Unresolved product id: 20438		—
Unresolved product id: 20853		—

Known affected 5 products

Product	Identifier	Version	Remediation
Unresolved product id: 1		—
Unresolved product id: 2		—
Unresolved product id: 3		—
Unresolved product id: 4		—
Unresolved product id: 5		—

Threats

Impact Security Feature Bypass

Exploit Status Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely

References

7 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self
https://www.microsoft.com/en-us/msrc/exploitabili…	external
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/update-guide/vulnerabi…	self
https://msrc.microsoft.com/csaf/advisories/2026/m…	self

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
      },
      {
        "category": "self",
        "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45585.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Windows BitLocker Security Feature Bypass Vulnerability",
    "tracking": {
      "current_release_date": "2026-05-21T07:00:00.000Z",
      "generator": {
        "date": "2026-05-21T07:29:50.981Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-45585",
      "initial_release_date": "2026-05-12T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-05-19T07:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-05-20T07:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Updated **Step 2** of the first mitigation. This is an informational change only."
        },
        {
          "date": "2026-05-21T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added a script to implement a mitigation and removed the manual mitigations. Please read the information to decide if you need to run the provided script."
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45585",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.",
          "title": "What kind of security feature could be bypassed by successfully exploiting this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Yes. This script is an interim security fix that helps to reduce the risk of exploitation of the vulnerability.\nThe script is for WinRE and removes autofstx.exe from the BootExecute registry value. Since BootExecute runs programs very early in boot (even in recovery mode), removing this entry prevents that executable from running in a high\u2011privilege environment, reducing risk.\nIt works by mounting the WinRE image, editing its offline SYSTEM registry to remove the entry if present, then safely committing changes and re\u2011sealing WinRE so BitLocker trust remains intact.\nIt\u2019s designed to be safe\u2014if the autofstx.exe entry isn\u2019t there, it exits without making changes.",
          "title": "Is there a script that I can copy and paste to implement a mitigation?"
        }
      ],
      "product_status": {
        "fixed": [
          "12390",
          "12436",
          "12437",
          "20438",
          "20853"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
        },
        {
          "category": "self",
          "summary": "CVE-2026-45585 Windows BitLocker Security Feature Bypass Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/csaf/advisories/2026/msrc_cve-2026-45585.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "PROOF_OF_CONCEPT",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "WORKAROUND",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Security Feature Bypass"
        },
        {
          "category": "exploit_status",
          "details": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely"
        }
      ],
      "title": "Windows BitLocker Security Feature Bypass Vulnerability"
    }
  ]
}

NCSC-2026-0165

Vulnerability from csaf_ncscnl - Published: 2026-05-20 06:21 - Updated: 2026-05-20 06:21

Summary

Kwetsbaarheid aangetroffen in Microsoft Windows

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Microsoft heeft maatregelen gepubliceerd voor een kwetsbaarheid in Windows besturingssystemen waarmee lokale kwaadwillenden toegang kunnen krijgen tot data die via BitLocker is versleuteld.

Interpretaties: De kwetsbaarheid betreft een security feature bypass in Windows, bekend als 'YellowKey'. Er is een proof of concept beschikbaar die aantoont hoe de kwetsbaarheid kan worden misbruikt. De kwetsbaarheid zit niet in de encryptie zelf, maar in de herstelomgeving die BitLocker omringt.

Oplossingen: Microsoft is bezig met het uitbrengen van een security update om de kwetsbaarheid volledig te verhelpen. Tot die tijd zijn er mitigerende maatregelen beschikbaar die als tijdelijke maatregel kunnen worden toegepast. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2026-45585

Microsoft has acknowledged a Windows security feature bypass vulnerability named 'YellowKey' with a public proof of concept and issued a CVE to provide mitigation guidance pending a security update.

6.8 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Affected products

Known affected 8 products

Product	Identifier	Version	Remediation
vers:unknown/* Microsoft / Windows 11 Version 24H2		vers:unknown/*
vers:unknown/* Microsoft / Windows 11 Version 24H2 for x64-based Systems		vers:unknown/*
vers:unknown/* Microsoft / Windows 11 Version 25H2		vers:unknown/*
vers:unknown/* Microsoft / Windows 11 Version 25H2 for x64-based Systems		vers:unknown/*
vers:unknown/* Microsoft / Windows 11 version 26H1		vers:unknown/*
vers:unknown/* Microsoft / Windows 11 version 26H1 for x64-based Systems		vers:unknown/*
vers:unknown/* Microsoft / Windows Server 2025		vers:unknown/*
vers:unknown/* Microsoft / Windows Server 2025 (Server Core installation)		vers:unknown/*

References

2 references

URL	Category
https://msrc.microsoft.com/update-guide/vulnerabi…	external
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Microsoft heeft maatregelen gepubliceerd voor een kwetsbaarheid in Windows besturingssystemen waarmee lokale kwaadwillenden toegang kunnen krijgen tot data die via BitLocker is versleuteld.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheid betreft een security feature bypass in Windows, bekend als \u0027YellowKey\u0027. Er is een proof of concept beschikbaar die aantoont hoe de kwetsbaarheid kan worden misbruikt. De kwetsbaarheid zit niet in de encryptie zelf, maar in de herstelomgeving die BitLocker omringt.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Microsoft is bezig met het uitbrengen van een security update om de kwetsbaarheid volledig te verhelpen. Tot die tijd zijn er mitigerende maatregelen beschikbaar die als tijdelijke maatregel kunnen worden toegepast. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585"
      }
    ],
    "title": "Kwetsbaarheid aangetroffen in Microsoft Windows",
    "tracking": {
      "current_release_date": "2026-05-20T06:21:50.564164Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0165",
      "initial_release_date": "2026-05-20T06:21:50.564164Z",
      "revision_history": [
        {
          "date": "2026-05-20T06:21:50.564164Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 24H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 Version 25H2 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 version 26H1"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows 11 version 26H1 for x64-based Systems"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Windows Server 2025 (Server Core installation)"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-45585",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        },
        {
          "category": "description",
          "text": "Microsoft has acknowledged a Windows security feature bypass vulnerability named \u0027YellowKey\u0027 with a public proof of concept and issued a CVE to provide mitigation guidance pending a security update.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-45585 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-45585.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8"
          ]
        }
      ],
      "title": "CVE-2026-45585"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-45585 (GCVE-0-2026-45585)

CERTFR-2026-AVI-0622

Solutions

FKIE_CVE-2026-45585

GHSA-2H24-8RJH-QGJV

MSRC_CVE-2026-45585

NCSC-2026-0165

Tags

Sightings

Nomenclature