安全研究人员称微软在BitLocker中植入了后门,并发布了利用程序
阅读原文· techspot.com安全研究人员指控微软在BitLocker加密功能中秘密植入了后门,并已公开发布了相关的利用程序。该指控引发了关于微软操作系统安全性和用户数据隐私的严重担忧。目前,该事件在技术社区引发广泛关注,相关讨论在Hacker News上获得了超过120个关注点。
The Epitome of WTF: A researcher known as "Nightmare-Eclipse" recently released YellowKey, a security vulnerability that allegedly enables a full bypass of BitLocker's full-volume encryption. The researcher described YellowKey as one of the most "insane" flaws they have ever encountered and has also accused Microsoft of potentially embedding a legitimate backdoor in BitLocker's data protection system.
According to the researcher, YellowKey appears unusual for a previously unknown security bug. Nightmare-Eclipse explained that the flaw can be reproduced by copying an attached "FsTx" folder to a USB drive formatted with a Windows-compatible file system such as NTFS, FAT32, or exFAT.
Update (May 20): Microsoft has released an out-of-band mitigation for the so-called BitLocker "YellowKey" backdoor, tracked as CVE-2026-45585. The company says the flaw could allow attackers with physical access to bypass BitLocker protections under certain conditions, though it stops short of describing the issue as an intentional backdoor.