Microsoft patches BitLocker bypass flaw, fixes six zero-days in June update
Microsoft’s June Patch Tuesday closed a BitLocker bypass, and the lockpick analogy is hard to miss: YellowKey was a physical-access defeat, not just a software bug.

BitLocker is supposed to be the digital deadbolt on a stolen laptop, but YellowKey showed how quickly a bypass can turn that promise into a weak point. Microsoft used its June 2026 Patch Tuesday to close YellowKey, GreenPlasma and MiniPlasma, and the scale of the release made clear this was not routine housekeeping. Reports put the update at roughly 200 flaws, and widely described it as Microsoft’s largest Patch Tuesday release on record.
YellowKey carried the sharpest lockpicking-style lesson. Microsoft identified it as CVE-2026-45585 and said it was a Windows security feature bypass affecting BitLocker Device Encryption on the system storage device. The company said an attacker with physical access could use the flaw to reach encrypted data, and its mitigation guidance stated that TPM+PIN made the issue not exploitable. In other words, the attack was about defeating the boundary around the machine itself, not remotely cracking encryption from across the network.
The exploit path made that boundary problem even more familiar to anyone who follows bypass research. Independent writeups said YellowKey abuse involved the Windows Recovery Environment, specially crafted FsTx files and a reboot into WinRE. Security researcher Will Dormann said he reproduced it with a USB drive attached and saw cmd.exe launch instead of the normal recovery flow. That is classic bypass thinking: use an unexpected path, not brute force, and make the system open itself.
GreenPlasma and MiniPlasma showed the June patch wave was broader than one BitLocker issue. Trend Micro’s summary said GreenPlasma was a privilege escalation flaw and MiniPlasma was another Windows privilege escalation issue in the same disclosure cycle, with both capable of leading to SYSTEM-level access on fully patched Windows systems. Trend Micro also said YellowKey and GreenPlasma affected Windows 11 and Windows Server 2022 and 2025, which put the risk squarely on managed endpoints as well as personal machines.

The timeline mattered as much as the code. YellowKey and GreenPlasma were publicly discussed in mid-May 2026, before the June rollout, and MiniPlasma’s proof of concept arrived in late May. Microsoft had already issued mitigation guidance for YellowKey before the patch and acknowledged the public proof-of-concept release, so the window for complacency was short. For lockpickers, the takeaway is simple: whether the target is a padlock or BitLocker, the interesting fight is often not defeat, but bypass, and June’s Windows fixes were a reminder that physical-access assumptions still decide a lot of security.
This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.
Did this article answer your question?


