this post was submitted on 13 May 2026
901 points (99.8% liked)

Technology

84623 readers
6006 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
901
Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor (www.tomshardware.com)
submitted 1 day ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
148 comments fedilink hide all child comments
 

YellowKey reportedly works in Windows 11, Windows Server 2022 and 2025, but not in Windows 10.

you are viewing a single comment's thread
view the rest of the comments
[–] 9tr6gyp3@lemmy.world 47 points 1 day ago* (last edited 1 day ago) (2 children)

The process is dead simple: grab any USB stick, get write access to the "System Volume Information," and copy into it the "FsTx" folder and its contents. Shift+click Restart to get Windows to the recovery environment, but then switch to holding down the Control key and don't let go. The machine will reboot, and without asking any questions or showing any menus, will drop you in an elevated command line with full access to the formerly Bitlocked drive, without asking for any keys.

~~Its dead simple to get write access to System Volume Information~~

~~Not even local admins have access to it. A local admin would have to take ownership of that folder (not recommended), but if a local admin is doing that for this exploit, they can just turn off Bitlocker rather than go through this nonsense.~~

I misunderstood the exploit. See replies.

[–] AnyOldName3@lemmy.world 50 points 1 day ago* (last edited 1 day ago) (1 children)

By exploit standards, that's not especially hard. I don't think there's really anything blocking accessing it at all if an NTFS volume is mounted on a typical desktop Linux distro, as it's just NTFS permissions blocking it, and they're not typically obeyed by Linux in the first place.

In the face of your edit, I see that you've misunderstood the exploit. You need write access to the System Volume Information directory of your own USB stick, not anything on the target machine. It's much easier to get access to things on a computer than it is to get access on one particular computer, and this exploit lets you jump from one to the other.

[–] 9tr6gyp3@lemmy.world 6 points 1 day ago (2 children)

Its bitlocker encrypted. You need to unlock the disk to see System Volume Information in Linux.

[–] AnyOldName3@lemmy.world 23 points 1 day ago (1 children)

I'll copy the bit here that I just edited into my reply after you edited the first post:

In the face of your edit, I see that you’ve misunderstood the exploit. You need write access to the System Volume Information directory of your own USB stick, not anything on the target machine. It’s much easier to get access to things on a computer than it is to get access on one particular computer, and this exploit lets you jump from one to the other.

[–] 9tr6gyp3@lemmy.world 17 points 1 day ago

Ah yeah, I misunderstood. Thanks for the clarification.

[–] humanspiral@lemmy.ca 1 points 1 day ago (2 children)

does bitlocker encrypt whole volume, or userdata folders? It's a performance issue to encrypt anything that doesn't need to be.

[–] InFerNo@lemmy.ml 2 points 16 hours ago

You can do full disk or folders

[–] 9tr6gyp3@lemmy.world 3 points 1 day ago* (last edited 1 day ago)

Its whole-volume encryption, not file encryption. Most modern CPUs have built-in AES-NI instructions so its not much of a performance penalty (as long as AES is used for encryption).

[–] MonkderVierte@lemmy.zip 4 points 1 day ago (1 children)

Your strike-through didn't work somehow.

[–] 9tr6gyp3@lemmy.world 4 points 1 day ago (1 children)

I know! I cant figure it out 😂

[–] eronth@lemmy.world 11 points 1 day ago (1 children)

It's the spaces, I think

[–] 9tr6gyp3@lemmy.world 3 points 1 day ago (1 children)

I tried without spaces too unfortunately

[–] Speculater@lemmy.world 2 points 1 day ago (1 children)

I think it's three tildas.

[–] 9tr6gyp3@lemmy.world 7 points 1 day ago (1 children)

Its two. It didn't like the exclamation mark. I removed it and it started working.

[–] Speculater@lemmy.world 2 points 1 day ago

Oh nice work!