redot1

Zero-Day Exploit Against Windows BitLocker

May 18, 2026

1 Min Read

cplexmath

Zero-Day Exploit Against Windows BitLocker

It’s nasty, but it requires physical access to the computer:

The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments.

Slashdot thread. And here’s Nightmare-Eclipse’s GitHub account.

Tags: BitLocker, exploits, Windows, zero-day

Posted on May 18, 2026 at 7:08 AM •
2 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.

About the author

cplexmath

Take your local GitHub sessions anywhere

Friday Squid Blogging: Bigfin Squid

► Necessary Cookies Always Active

Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.

► Functional Cookies Remark

Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.

► Analytical Cookies Remark

Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.

► Advertisement Cookies Remark

Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.