惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
C
Check Point Blog
有赞技术团队
有赞技术团队
H
Help Net Security
V
Vulnerabilities – Threatpost
N
News | PayPal Newsroom
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LINUX DO - 最新话题
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
爱范儿
爱范儿
I
InfoQ
V
Visual Studio Blog
O
OpenAI News
Google DeepMind News
Google DeepMind News
S
Security Affairs
T
Troy Hunt's Blog
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
N
Netflix TechBlog - Medium
Latest news
Latest news
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Webroot Blog
Webroot Blog
S
Schneier on Security
MongoDB | Blog
MongoDB | Blog
T
Tor Project blog
V2EX - 技术
V2EX - 技术
Security Latest
Security Latest
Cloudbric
Cloudbric
The GitHub Blog
The GitHub Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog RSS Feed
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
P
Privacy International News Feed
S
Securelist
C
Cisco Blogs
博客园_首页
TaoSecurity Blog
TaoSecurity Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts

rss.livelink.threads-in-node

Probably has less bugs than windows 11 | Microsoft Community Hub Quick question about window PC requirements for meta link cable? Is it possible to run ryujinx canary on an administrator account on windows? Why Windows 11 still depends on 1990s code iphone auf pc spiegeln windows 11 – Welche Methode funktioniert zuverlässig? CHERIoT-Ibex: Closing the door on memory safety vulnerabilities with hardware-enforced protection Known issue: Upgrading Microsoft Tunnel version 20260129.1 What's New in Microsoft Entra: May 2026 Carta de validación TSP (aka.ms/TSP_Achievement_Code_Enroll...) restricted across all accounts unable to enroll Class Admin Build observability for scalable AI apps and agents selling through Microsoft Marketplace Inspektor Gadget Completes Its First Independent Security Audit Retirement of Direct Exchange ActiveSync Certificate-Based Authentication by End of 2026 Export mixed text and tabular Excel to PDF Safely Migrating Terraform Managed Disks on Azure Using Stable Keys and Copilot Microsoft 365 & Power Platform Community call Microsoft 365 & Power Platform product updates call Course Retirement Announcement: AI-3022 The End is Nigh for DES and an Update for hunting down RC4 Unable to Access Scheduling Poll Options Title Plan Update - May 8, 2026 Secure Medallion Architecture Pattern on Azure Databricks (Part II) From Observability to Action: Building an AI-Powered AIOps Agent for Customer-Specific Operations General Availability of Mailbox Import and Export Microsoft Graph APIs Why External Participants Can—or Can’t—Join a Microsoft Teams Meeting CRITICAL: Data Loss on Build 26200.8328 - AI Storage Sense deleted 160+ apps with 870GB free space. Why is everyone hating on Windows 11? I was pissed at the Windows 11 context menu so I built this. Windows 11 Shows ASUS LOGO but then goes dark for 5 minutes Windows 11 causes discrete graphics cards to be locked at their base clock speed when idle In Windows 11 Insider Preview 26300.8346, the Start button is offset to the left and misaligned The Windows 10 update failed, so I'm planning to switch to Windows 11 Using the Microsoft Graph PowerShell SDK to Update User Profiles Someone please help me - Windows Insider Program How to Reduce No-Shows for WooCommerce Appointments Windows 11 Insider Program Download Update Beta Channel stuck at 99% How to transfer photos from iphone to pc on Windows 11 without itunes Windows 11 Dell Laptop Latitude 5500 New PC won’t boot up windows 11 Fresh Windows Install – Driver/Service Advice for G14 (2021 R9 5900HS + RTX 3050 Ti) AD Recycle Bin – “The specified value already exists” but Recycle Bin is non‑functional Why deleting files does not free up space on mac How to delete or clear cache on macbook air automatically Announcing Microsoft Host Integration Server 2028: Modern connectivity for IBM Mainframes Midranges From Test Cases to Trust: Elevating Enterprise Quality with GitHub Copilot Bootfähigen usb stick erstellen am mac für Windows 11? My modpack has this error and I can't find the cause Where is the option to attach file for parent Income Statement Form? Watching streamers with 2k resolution enabled makes my PC lag Update Your Exchange SE Hybrid On-premises Rich Coexistence to Graph Partner Blog | Unlock the cloud benefits in your partner benefits package with a streamlined activation experience Turn your Azure commitments into smarter cloud investments with Microsoft Marketplace Drive stronger Microsoft alignment and unlock co-sell growth at Ultimate Partner LIVE RECAP: Microsoft Elevate Partner Community Monthly Call - May 2026 Public Preview: Migrate your regional virtual machines to availability zones Security Dashboard for AI: 3 Ways CISOs Drive Impact Today PLANNER WILL NOT PUBLISH THE SCHEDULES FOR MY PLANS, BY CREATING AN iCALENDAR LINK....HELP | Microsoft Community Hub Firm AI for professional services: governed, agentic workflows built on Microsoft Azure Azure Incident Retrospective - Please register! Session 2 - Tracking ID: 5GP8-W0G Azure Incident Retrospective - Please register! Session 1 - Tracking ID: 5GP8-W0G Autoruns, ProcDump, ZoomIt, DebugView, NotMyFault, ProcExp, Procmon, and Linux tools Edge Canary not auto updating? Edge Dev on Windows - Tab sync not working Available today: GPT-5.5 Instant in Microsoft 365 Copilot Introducing the Azure Resource Manager MCP Server! Defender Threat & Vulnerability Management Reporting A New Chapter for Realtime AI: Reasoning, Translation, and Real-Time Transcription Plan a fun Family Wellness Month with Copilot Released: May 2026 Exchange Server Hotfix Update Service Bus SBMP Retirement: What BizTalk Server 2020 Customers Need to Know Azure Incident Retrospective Please register for one of the 2 sessions below! Planner Agent brings work management directly into Microsoft 365 Copilot Local account and MS account Cannot reset account password Announcing Windows Admin Center: Virtualization Mode Public Preview 2! Azure RBAC Custom Role Best Practices or Common Build Patterns Pivot Table Data Centering How to design production-ready AI architectures for apps and agents on Microsoft Marketplace Troubleshoot with OpenTelemetry in Azure Monitor - Public Preview Secure, Keyless Application Access with Managed Identities - Now GA in Azure Files SMB Help shape the Microsoft 365 Copilot community experience — your input matters Microsoft 365 Security Best Practices for Enterprises Running multimedia AI models on Container Apps with Serverless GPU (A100 & T4) SharePoint List Migration to new Tenant Windows 11: Task Manager: Background Processes: Stop Unnecessary Ones from Starting Automatically Detecting Plain‑Text Password Exposure Using Custom Regex in Microsoft Purview MVP Enthusiast Effective, engaging events in communities and storylines Change Optics Report released into Public Preview to showcase messages impacted by future changes RECAP: Microsoft Elevate Partner Community Monthly Call - April 2026 | Microsoft Community Hub Networking in Windows Server 2025 - Windows Server Summit Want to get more out of Microsoft Copilot Chat without adding another tool—or cost—to your stack? Announcing Public Preview: Security Copilot’s Email Summary in Microsoft Defender Copilot Chat in financial services: Is productivity moving faster than policy? How manufacturers can scale AI from pilot to production with Microsoft Marketplace SSO for a Python Teams Bot (M365 Agents SDK + FastAPI) — Single-Tenant, Multi-Tenant, and UAMI | Microsoft Community Hub Advice required for temp / agency staff | Microsoft Community Hub 'You've tried to sign in too many times with incorrect account/password' | Microsoft Community Hub When will Windows 11 natively support Auracast broadcasting? | Microsoft Community Hub Authenticator | Microsoft Community Hub
YellowKey BitLocker Exploit | Microsoft Community Hub
StuartK73 · 2026-05-18 · via rss.livelink.threads-in-node

Forum Discussion

StuartK73's avatar

Hi All

I hope you are well.

Anyway, the YellowKey BitLocker Exploit has came to my attention.

We already have automatic  / silent BitLocker encryption enabled.

So, is there anything we should be doing (preferably via Intune) to mitigate this new exploit?

SK

14 Replies

  • Lucaraheller's avatar

    Hi StuartK73​ ,

    From what I understand, Microsoft’s script is intended to apply the current mitigation for the YellowKey / CVE-2026-45585 issue, so yes, I would deploy that first rather than immediately moving everyone to TPM+PIN.

    For Intune, I would personally use a remediation approach if possible:

    • Detection script: check whether the mitigation is already applied
    • Remediation script: apply Microsoft’s mitigation when missing
    • Start with a small pilot group
    • Then expand in rings

    I would not disable WinRE permanently unless Microsoft specifically recommends it for your scenario. I would also not rush into TPM+PIN for every user unless your risk profile requires it, because that can create a lot of operational impact.

    So my approach would be:

    Apply Microsoft’s mitigation script via Intune, validate on pilot devices, monitor BitLocker/WinRE behavior, and keep TPM+PIN for higher-risk devices or users where physical access risk is a bigger concern.

    • StuartK73's avatar

      Hi Buddy

      Many thanks for your very informative reply.

      Can you elaborate on:

      • Detection script: check whether the mitigation is already applied
      • Remediation script: apply Microsoft’s mitigation when missing

      As I can only see the X 1 MS script and I'm not sure how to detect and remediate scripts from that.

      Info appreciated.

      Stuart

  • peptixcalc's avatar

    I think the biggest problem right now is that many organizations rely heavily on TPM-only BitLocker deployments because they are easy to scale with Intune and Entra ID, but YellowKey seems to expose the weakness of relying only on transparent unlock mechanisms when physical access is possible.

    From what I understand so far, Microsoft’s mitigation script mainly reduces the current attack surface, but it does not completely replace stronger protections like TPM+PIN. For high risk environments, adding pre-boot authentication still seems like the safest long term approach, even if deployment across existing fleets is painful.

    Disabling WinRE temporarily also makes sense as an emergency mitigation until Microsoft provides a cleaner permanent fix. I also agree with others here that USB restrictions and BIOS passwords alone are not enough on many modern devices.

    For Intune environments, a remediation script checking WinRE status and mitigation compliance sounds like the most scalable approach right now. Surprised Microsoft did not publish an official Intune remediation package already.

    I was actually reading through a few security and infrastructure discussions while testing monitoring setups on one of my own utility projects recently:
    https://peptixcalc.com/

    Curious to see whether Microsoft eventually pushes an automatic mitigation through Defender or BitLocker policy updates.

  • StuartK73's avatar

    Hi All

    I see MS have updated the post and provided a script.

    Could someone please clarify the following:

    • Does running the script mitigate / fix the vulnerability?
    • Do we still need to set BitLocker PIN's?
    • Do we still need to set BIOS's PIN's?
    • Do we still need to disable WinRE?
    • What are the settings for deploying this script via PowerShell via Intune?
    • Does anyone know how to compile an Intune remed script?

    Info appreciated

    Stuart

    • RyanSteele-CoV's avatar

      • StuartK73's avatar

        Thanks for that buddy.

        Are we to just deploy this as a standalone PS script then and not as an Intune remediation detect and remed script?

        SK

  • RyanSteele-CoV's avatar

    • StuartK73's avatar

      Thanks buddy, although I'm not sure what MS are asking us to do here on Entra ID joined / Intune enrolled devices that are in numerous offices throughout the country, as these do look like per device commands to me and we don't really want BitLocker PINs. Am I missing something?

      SK

      • RyanSteele-CoV's avatar

        Good question. In theory, it ought to be possible to create a PowerShell Remediation script that checks whether the mitigation has been applied and runs the commands to apply it if needed. Why didn't Microsoft provide one?

        Edit: The article was updated on May 21 to include a PowerShell remediation script.

  • Klaas123's avatar

    Yes, I would also like to see a proper response from Microsoft. (has been 7 days since release now...)

    We are moving toward deploying TPM+PIN, but rolling this out across an existing fleet is quite troublesome and will take a significant amount of time.

    That said, the creator of the exploit has mentioned that they have a PoC capable of bypassing TPM+PIN as well (unreleased).

    As an immediate mitigation, we have deployed a remediation script to disable WinRE, until Microsoft has a fix.

    USB boot restrictions, BIOS passwords etc..., are  relatively easy to bypass on most hardware...

  • Radzik_PL's avatar

    I’ve been wondering about this too — looks quite serious.

    From what I see, YellowKey abuses WinRE + FsTx to get a shell with the BitLocker volume already unlocked, no password or recovery key needed. So in practice, with physical access, default BitLocker setups can be bypassed.

    For now, likely worth tightening things around

    •  pre-boot auth (TPM+PIN),
    • USB boot restrictions,
    • physical access controls.

    Curious how Microsoft will address this.

  • lee42's avatar

    The silence from Microsoft on this issue is deafening!

    You should be looking at requiring a startup PIN. Intune will allow you to set the PIN as a requirement, but I don't believe that will apply except to net new volumes, existing volumes will need to be updated by the user - which makes sense, they need to know the PIN.