HeadlinesBriefing.com

Researcher claims BitLocker backdoor with new YellowKey exploit

Hacker News

Security researcher Nightmare-Eclipse released a tool called YellowKey that they claim bypasses Microsoft's BitLocker full-disk encryption. The exploit requires copying a specially crafted "FsTx" folder to a USB drive, or directly onto the EFI partition, and then rebooting into the Windows Recovery Environment (WinRE). If the steps are followed, a command shell appears with unrestricted access to the encrypted volume, no password required.

Nightmare-Eclipse argues the flaw resembles an intentional backdoor because the triggering component exists only in the official WinRE image and behaves differently on live systems. Their analysis notes that the issue affects Windows 11 and Server 2022/2025, while Windows 10 appears unaffected. Independent researchers have confirmed the behavior using the public GitHub proof-of-concept, and a second exploit named GreenPlasma reportedly enables privilege escalation.

The disclosure forces administrators to reconsider reliance on BitLocker as a sole protection mechanism. Experts recommend supplementing or replacing it with well‑reviewed full‑disk solutions such as VeraCrypt until Microsoft addresses the vulnerability in an upcoming Patch Tuesday. As of now, the exploit remains effectively functional on supported Windows 11 builds, giving attackers a practical route to read or copy encrypted data.