{"id":1752,"date":"2026-05-17T09:00:00","date_gmt":"2026-05-17T08:00:00","guid":{"rendered":"https:\/\/jurotar.fi\/blog\/?p=1752"},"modified":"2026-05-17T13:20:55","modified_gmt":"2026-05-17T12:20:55","slug":"windows-security-and-yellowkey-exploit","status":"publish","type":"post","link":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/","title":{"rendered":"Windows Security and YellowKey exploit"},"content":{"rendered":"\n

We live some fast-paced times for the security! On this very May \u2013 12th<\/sup> to be more precise \u2013 there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally. Let\u2019s recap briefly what kind of physical security features has been avaible for Windows to this day:

<\/p>\n\n\n\n

Physical security features on Windows and BIOS<\/strong><\/h3>\n\n\n\n

So far as I\u2019m aware physical security of Windows \u2013installations in the recent years has relied heavily on BitLocker. BitLocker encrypts volumes to protect data from unauthorized access \u2013 especially if a Windows device gets lost or stolen. BitLocker if often used with a physical TPM chip (Trusted Platform Module) found on the system board \u2013 BitLocker generates and stores encryption keys and ecryption-related information on TMP. On startup TPM asks encryption key before it continues boot to operating system. Since TPM is a physical chip on mobo TPM settings are modified from BIOS.<\/p>\n\n\n\n

Hardware manufacturers also often offer an option to set up a password for accessing BIOS and Secure Boot feature. Secure Boot is a security feature in UEFI firmware that allows only trusted software to run during the boot process. It hardens security from unauthorized USB-booting for example.<\/p>\n\n\n\n

\"\"
TPM settings on BIOS<\/em><\/figcaption><\/figure>\n\n\n\n

YellowKey in short<\/strong><\/h3>\n\n\n\n

The YellowKey exploit method is explained in the GitHub repository too but in a nutshell the idea is to copy folder to an USB and boot the Windows to Recovery state with the USB attatched to the device. Quite straighforward way to use the hack.<\/p>\n\n\n\n

Since YellowKey utilizes WinRE (Windows Recovery Environment) Secure Boot feature is not gonna stop it from working. And because YellowKey uses WinRE it gives unrestricted access to the system.<\/p>\n\n\n\n

<\/p>\n\n\n\n

\"\"
GitHub user Nightmare-Eclipse has published some other Windows exploit repositories this spring and has been critisizing Microsoft not doeing enough to fix those vunerabilities.<\/em><\/figcaption><\/figure>\n\n\n\n

Concerns<\/strong><\/h3>\n\n\n\n

In the YellowKey repository is also mentioned that the exploit doesn\u2019t work on Windows versions older than 11 which raises concerns about it being voluntarily added to new OS versions. It isn\u2019t a piece of old feature forgot in the architecture.<\/p>\n\n\n\n

Either the method is a huge architectural slip in Windows or intentiontionally left there. And it raises (understandably) some eyebrows. Tech enthusiasts are already increasingly worried about privacy and how far the mass surveillance attempts and successes already go. Tech companies should have more transparency and respect to their clients when product is sold on a global scope. Leaving backdoors open intentionally for physical data theft would be a really low blow \u2013 even for Microslop.


<\/p>\n\n\n\n

Previous post: The Guild \u2013series (2007-2013)<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

We live some fast-paced times for the security! On this very May \u2013 12th to be more precise \u2013 there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally. Let\u2019s recap briefly what kind of physical…<\/p>\n","protected":false},"author":2,"featured_media":1784,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":"","footnotes":""},"categories":[22,10,12],"tags":[],"class_list":["post-1752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-services-apps","category-about-tech"],"yoast_head":"\n| Windows Security and YellowKey exploit<\/title>\n<meta name=\"description\" content=\"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"| Windows Security and YellowKey exploit\" \/>\n<meta property=\"og:description\" content=\"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-17T08:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-17T12:20:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"750\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jurotar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jurotar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/\"},\"author\":{\"name\":\"Jurotar\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#\\\/schema\\\/person\\\/b3b10f0e28bdf3971f866c60ea47d079\"},\"headline\":\"Windows Security and YellowKey exploit\",\"datePublished\":\"2026-05-17T08:00:00+00:00\",\"dateModified\":\"2026-05-17T12:20:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/\"},\"wordCount\":445,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#\\\/schema\\\/person\\\/b3b10f0e28bdf3971f866c60ea47d079\"},\"image\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/physical_security_and_yellowkey_featured_image.jpg\",\"articleSection\":[\"cybersecurity\",\"services & software\",\"Tech\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/\",\"url\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/\",\"name\":\"| Windows Security and YellowKey exploit\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/physical_security_and_yellowkey_featured_image.jpg\",\"datePublished\":\"2026-05-17T08:00:00+00:00\",\"dateModified\":\"2026-05-17T12:20:55+00:00\",\"description\":\"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/physical_security_and_yellowkey_featured_image.jpg\",\"contentUrl\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/physical_security_and_yellowkey_featured_image.jpg\",\"width\":1920,\"height\":750},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/index.php\\\/2026\\\/05\\\/17\\\/windows-security-and-yellowkey-exploit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Windows Security and YellowKey exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/\",\"name\":\"Jurotar Blog\",\"description\":\"A journey through tech, fantasy and escapism\",\"publisher\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#\\\/schema\\\/person\\\/b3b10f0e28bdf3971f866c60ea47d079\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/#\\\/schema\\\/person\\\/b3b10f0e28bdf3971f866c60ea47d079\",\"name\":\"Jurotar\",\"pronouns\":\"she\\\/her\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/juro_avattar.jpg\",\"url\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/juro_avattar.jpg\",\"contentUrl\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/juro_avattar.jpg\",\"width\":748,\"height\":682,\"caption\":\"Jurotar\"},\"logo\":{\"@id\":\"https:\\\/\\\/jurotar.fi\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/02\\\/juro_avattar.jpg\"},\"sameAs\":[\"https:\\\/\\\/www.instagram.com\\\/jurotar\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"| Windows Security and YellowKey exploit","description":"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/","og_locale":"en_GB","og_type":"article","og_title":"| Windows Security and YellowKey exploit","og_description":"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.","og_url":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/","article_published_time":"2026-05-17T08:00:00+00:00","article_modified_time":"2026-05-17T12:20:55+00:00","og_image":[{"width":1920,"height":750,"url":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg","type":"image\/jpeg"}],"author":"Jurotar","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jurotar","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#article","isPartOf":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/"},"author":{"name":"Jurotar","@id":"https:\/\/jurotar.fi\/blog\/#\/schema\/person\/b3b10f0e28bdf3971f866c60ea47d079"},"headline":"Windows Security and YellowKey exploit","datePublished":"2026-05-17T08:00:00+00:00","dateModified":"2026-05-17T12:20:55+00:00","mainEntityOfPage":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/"},"wordCount":445,"commentCount":0,"publisher":{"@id":"https:\/\/jurotar.fi\/blog\/#\/schema\/person\/b3b10f0e28bdf3971f866c60ea47d079"},"image":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg","articleSection":["cybersecurity","services & software","Tech"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/","url":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/","name":"| Windows Security and YellowKey exploit","isPartOf":{"@id":"https:\/\/jurotar.fi\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#primaryimage"},"image":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg","datePublished":"2026-05-17T08:00:00+00:00","dateModified":"2026-05-17T12:20:55+00:00","description":"On this very May there was especially interesting \u201cYellowKey\u201d exploit shared on GitHub from a user called Nightmare-Eclipse. It bypasses Windows BitLocker which is a security feature that multiple companies rely on globally.","breadcrumb":{"@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#primaryimage","url":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg","contentUrl":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/05\/physical_security_and_yellowkey_featured_image.jpg","width":1920,"height":750},{"@type":"BreadcrumbList","@id":"https:\/\/jurotar.fi\/blog\/index.php\/2026\/05\/17\/windows-security-and-yellowkey-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jurotar.fi\/blog\/"},{"@type":"ListItem","position":2,"name":"Windows Security and YellowKey exploit"}]},{"@type":"WebSite","@id":"https:\/\/jurotar.fi\/blog\/#website","url":"https:\/\/jurotar.fi\/blog\/","name":"Jurotar Blog","description":"A journey through tech, fantasy and escapism","publisher":{"@id":"https:\/\/jurotar.fi\/blog\/#\/schema\/person\/b3b10f0e28bdf3971f866c60ea47d079"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jurotar.fi\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/jurotar.fi\/blog\/#\/schema\/person\/b3b10f0e28bdf3971f866c60ea47d079","name":"Jurotar","pronouns":"she\/her","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/02\/juro_avattar.jpg","url":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/02\/juro_avattar.jpg","contentUrl":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/02\/juro_avattar.jpg","width":748,"height":682,"caption":"Jurotar"},"logo":{"@id":"https:\/\/jurotar.fi\/blog\/wp-content\/uploads\/2026\/02\/juro_avattar.jpg"},"sameAs":["https:\/\/www.instagram.com\/jurotar"]}]}},"_links":{"self":[{"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1752"}],"version-history":[{"count":17,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1752\/revisions"}],"predecessor-version":[{"id":1776,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1752\/revisions\/1776"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/media\/1784"}],"wp:attachment":[{"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jurotar.fi\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}