Microsoft Mitigates Dangerous YellowKey Tool That Breaks BitLocker
Microsoft, however, has found a way to partially mitigate YellowKey, though it may require some manual tweaking from BitLocker users. Microsoft also states that it will patch the vulnerability at some point. For now, Microsoft says the best mitigation is to configure BitLocker to require both the TPM and a PIN, or to remove AutoFSTX.exe from BootExecute in WinRE. The PIN matters because a TPM-only configuration releases the volume key to any boot that passes measurement, with no user present; requiring a PIN means the key is not unsealed until someone types it. Existing BitLocker users whose systems are already protected with a PIN need not worry about exploitation by YellowKey, but everyone else should follow Microsoft's official instructions and run the mitigation script.
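The two mitigations above, as an added PowerShell example; this is not Microsoft's official mitigation script and is not taken from the article. It assumes the standard BitLocker cmdlets and FVE policy values present on current Windows, that the WinRE image to edit has been staged with `reagentc /disable` so its `winre.wim` can be mounted, and that the BootExecute entry to remove contains the executable name the article gives (`AutoFSTX.exe`); the exact text of that entry, and the `$WinReWim`/`$MountDir` paths, are placeholders you supply.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's mitigation script). Part 1 moves BitLocker OS volumes
# from a bare TPM protector to TPM+PIN; part 2 removes an entry from BootExecute in an
# offline WinRE image. Assumptions are marked inline.
$ErrorActionPreference = 'Stop'
$FvePolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-TpmOnlyOsVolume {
    # An OS volume whose only TPM-based protector is the bare TPM unlocks with no user
    # present, which is exactly the condition the PIN mitigation removes.
    Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | Where-Object {
        $types = @($_.KeyProtector.KeyProtectorType)
        ($types -contains 'Tpm') -and
        -not ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey')
    }
}

function Set-TpmPinPolicy {
    # Same effect as the GPO "Require additional authentication at startup" with
    # TPM startup PIN = Require and TPM startup (no PIN) = Do not allow.
    # FVE policy encoding: 0 = do not allow, 1 = require, 2 = allow.
    if (-not (Test-Path $FvePolicy)) { New-Item -Path $FvePolicy -Force | Out-Null }
    Set-ItemProperty -Path $FvePolicy -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $FvePolicy -Name UseTPM             -Value 0 -Type DWord
    Set-ItemProperty -Path $FvePolicy -Name UseTPMPIN          -Value 1 -Type DWord
}

function Convert-ToTpmPinProtector {
    param([Parameter(Mandatory)][string]$MountPoint,
          [Parameter(Mandatory)][securestring]$Pin)
    # Add TPM+PIN first so the volume is never left without a TPM-based protector,
    # then drop any bare TPM protector that survived (Windows normally replaces it).
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
}

function Remove-WinReBootExecuteEntry {
    param([Parameter(Mandatory)][string]$WinReWim,   # staged winre.wim (after 'reagentc /disable')
          [Parameter(Mandatory)][string]$MountDir,   # empty directory to mount the image into
          [string]$ExeName = 'AutoFSTX.exe',         # name from the article; exact entry text is an assumption
          [switch]$DryRun)
    $hive = 'HKLM\WinRE_SYSTEM'
    Mount-WindowsImage -ImagePath $WinReWim -Index 1 -Path $MountDir | Out-Null
    try {
        # Offline hives have no CurrentControlSet link, so resolve it from Select\Current.
        reg.exe load $hive (Join-Path $MountDir 'Windows\System32\config\SYSTEM') | Out-Null
        $cur   = (Get-ItemProperty -Path "HKLM:\WinRE_SYSTEM\Select").Current
        $smKey = "HKLM:\WinRE_SYSTEM\ControlSet{0:D3}\Control\Session Manager" -f $cur
        $before = @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)
        $after  = @($before | Where-Object { $_ -notlike "*$ExeName*" })
        if ($after.Count -ne $before.Count -and -not $DryRun) {
            Set-ItemProperty -Path $smKey -Name BootExecute -Value $after -Type MultiString
        }
        [pscustomobject]@{ Before = $before; After = $after }
    } finally {
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()   # release hive handles before unload
        reg.exe unload $hive | Out-Null
        if ($DryRun) { Dismount-WindowsImage -Path $MountDir -Discard | Out-Null }
        else         { Dismount-WindowsImage -Path $MountDir -Save    | Out-Null }
    }
}

# Usage (run from an elevated session):
#   Get-TpmOnlyOsVolume | Format-Table MountPoint, ProtectionStatus
#   Set-TpmPinPolicy
#   Convert-ToTpmPinProtector -MountPoint 'C:' -Pin (Read-Host -AsSecureString 'New BitLocker PIN')
#   Remove-WinReBootExecuteEntry -WinReWim 'C:\Windows\System32\Recovery\winre.wim' -MountDir 'C:\mnt' -DryRun
```

Run `Get-TpmOnlyOsVolume` first to see which machines are actually exposed; the policy keys must be set before `Add-BitLockerKeyProtector` or the TPM+PIN protector is rejected. For the WinRE change, stage the image with `reagentc /disable`, run the function without `-DryRun`, then `reagentc /enable` to put the edited image back; a `-DryRun` pass returns the before/after lists without committing anything.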

Per LevelBlue's coverage of the Nightmare-Eclipse suite of vulnerabilities, most of them remain unpatched. Of the original three Windows Defender zero-days released by Nightmare-Eclipse, only BlueHammer is patched; RedSun and UnDefend remain unpatched. While a mitigation now exists for YellowKey, GreenPlasma remains unpatched and could feasibly be built into a working exploit by a skilled attacker. LevelBlue also recommends disabling USB booting to fully protect against YellowKey and deploying Attack Surface Reduction (ASR) rules to disrupt the staging behaviour of Nightmare-Eclipse's various exploits, among other precautionary measures.
While Microsoft appears to be making great strides in improving features and optimising the performance of Windows 11, it has been hit with a number of high-profile security issues as of late. To be fair to Microsoft, exploiting these issues requires either direct hardware access or remote access through already-compromised credentials, such as a stolen VPN account. For the majority of users who haven't had their devices stolen, there is little immediate reason for concern about any of these exploits, though a lost or stolen laptop is precisely the scenario BitLocker exists to cover, so organisations with travelling fleets should apply the TPM+PIN change regardless.