InfoSecBulletin Cybersecurity for mankind
Microsoft has revealed a serious flaw in Windows BitLocker, known as CVE-2026-45585. The flaw was made public on May 19, 2026. No one has confirmed it is being used, but Microsoft says it is “Exploitation More Likely,” to be exploited, so quick action is needed.
The flaw is known as a Security Feature Bypass and has a high seriousness level of Important. Security audit services
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited
BD Gov.t to set up Tk192.66cr AI hub with support from Koica
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases With Zero Authentication
Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access
It is located in the Windows Recovery Environment (WinRE) and is linked to an important exploit chain called YellowKey, created by researcher Nightmare-Eclipse and shared on GitHub.
A successful attacker can take advantage of this problem to bypass BitLocker Device Encryption on the storage device, getting access to encrypted data without needing user passwords or decryption keys.
The flaw only affects Windows 11, Windows Server 2022, and Windows Server 2025.
No update is out yet; Microsoft has provided a guide with several steps to help while they work on a security fix.
Microsoft’s Mitigation Steps
Microsoft has provided a six-step mitigation procedure targeting the WinRE image directly:
To address the risk, the following mitigations have been outlined:
Mount the WinRE image on each device.
Mount the system registry hive of the mounted WinRE image.
Modify BootExecute by removing “autofstx.exe” value from Session Manager’s BootExecute REG_MULTI_SZ value.
Save and unload Registry hive.
Unmount and commit the updated WinRE image.
Reestablish BitLocker trust for WinRE.
Security teams running Windows 11 or Server 2022/2025 should focus on the WinRE fixing steps and apply TPM+PIN rules right away, before an official update comes out.
