Back to Blog
by 1015058pwpadmin

YellowKey: The Zero-Day That Breaks BitLocker, Plus This Week’s Biggest Cyber Threats

On May 12, a security researcher publicly dropped two unpatched Windows zero-day exploits after growing frustrated with Microsoft’s handling of previous vulnerability disclosures. The more critical of the two is called YellowKey.

The BitLocker Zero-Day Nobody Patched Yet

YellowKey allows anyone with physical access to a Windows 11, Windows Server 2022, or Windows Server 2025 machine to bypass BitLocker full-disk encryption in minutes. The attack is straightforward: copy a specific folder onto a USB drive, plug it in, reboot into Windows Recovery Environment, and you have unrestricted access to the encrypted drive. No credentials needed. No special hardware. Just a USB stick.

The second exploit, GreenPlasma, is a privilege escalation flaw that can give an attacker full control over the operating system’s core when chained with initial access.

Microsoft has not released a patch. Mitigations for now: set a custom BitLocker PIN (in addition to TPM), set a strong BIOS password, and strictly control physical access to any Windows 11 device holding sensitive data. Healthcare organizations in particular, where laptops and workstations hold patient records, should treat this as urgent.

The IMF Warns AI Could Trigger a Global Financial Crisis

The International Monetary Fund issued a warning this week that AI-powered cyberattacks could cascade across shared banking, energy, and telecom infrastructure and trigger a worldwide financial crisis. AI models are already capable of identifying software vulnerabilities at scale, meaning attackers no longer need deep technical expertise. The window between a vulnerability being discovered and being exploited is shrinking fast.

Microsoft Patched 120 Flaws, But YellowKey Is Not One of Them

This month’s Patch Tuesday addressed 120 vulnerabilities across Windows, Office, and Azure. Notable fixes include critical remote code execution flaws in Windows Hyper-V and the Microsoft Scripting Engine. What it does not include is a fix for YellowKey or GreenPlasma. Those remain unpatched and actively dangerous.

What You Should Do Right Now

  • Set a custom BitLocker PIN on all Windows 11 machines (do not rely on TPM-only unlock)
  • Set a strong BIOS/UEFI password and disable USB boot on sensitive devices
  • Apply this month’s Patch Tuesday updates immediately for the 120 patched CVEs
  • Brief your team on physical security and tailgating risks
  • Healthcare orgs: audit which laptops and workstations hold PHI and prioritize those first

If you’re unsure whether your Windows environment is exposed or need help implementing BitLocker PIN policies across your fleet, book a free security assessment with our team.

Published on May 19, 2026
Share on LinkedIn

Ready to Automate Your Business?

Talk to one of our Miami-based consultants. No commitment, no pressure.

Get a Free Consultation Call (407) 279-0728