Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor

From thereon, the exploit code can get access to regions of memory they're not meant to and leverage that for any number of shenanigans, the most obvious one being getting full system access. This is bad enough for a desktop system, as any program can get full access, but it's particularly bad for server environments, where any regular user can get control of the server and, by extension, everyone else's data.

Meanwhile, as of this writing, there is no official response from the company about YellowKey or GreenPlasma. BlueHammer has already been patched, and Chaotic claims that Microsoft silently patched RedSun, but there's no official word on that either.

Follow Tom's Hardware on Google News , or add us as a preferred source , to get our latest news, analysis, & reviews in your feeds.

Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals. ","collapsible":{"enabled":true,"maxHeight":250,"readMoreText":"Read more","readLessText":"Read less"}}), "https://slice.vanilla.futurecdn.net/13-4-23/js/authorBio.js"); } else { console.error('%c FTE ','background: #9306F9; color: #ffffff','no lazy slice hydration function available'); } Bruno Ferreira Social Links Navigation Contributor Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.

ezst036 Apple exploit incoming. Just the other day it was Linux, now its Microsoft. Android probably coming soon too. Its all a cycle. Someone is next. Nobody is perfect. Reply

Gururu Yes, at first it seems like the company hasn't done enough, whatever company has been hacked or exploit found. But it seems EVERYTHING is being hacked these days. Personally, I've received nearly a dozen notices saying my info has been stolen and have had free identity protection services for over ten years now. Safe to say everyone's critical personal info is in some black market by now. Reply

-Fran- You're telling me the most relevant reason of why Microsoft forced everyone to have (enabled) TPM in order to install and use Win11 is a hackable joke? SAY IT AINT SO! surprisedpikachuface.jpg Regards. Reply

dwd999 Do I understand this correctly that portable drives protected by Bitlocker to Go are still secure? And are drives protected where the key is NOT stored in TPM, e.g. the key is stored in a text file somewhere away from the locked computer, are those still secure? Reply

S58_is_the_goat They did this after their disclosure reports were allegedly dismissed by Microsoft's security team Sounds about right, maybe they should name and shame the one who dismissed the disclosure. Reply

TechieTwo SOS, DD it's Microsucks. What did you expect? :anguished: Reply

Key considerations

Investor positioning can change fast
Volatility remains possible near catalysts
Macro rates and liquidity can dominate flows

Reference reading

More on this site

Informational only. No financial advice. Do your own research.

Key considerations

Reference reading

More on this site

Related posts:

Leave a Comment Cancel reply