YellowKey Mitigation Released by Microsoft
2026-05-20 15:07 | CRITICAL | HIGH
Executive Summary (AI-generated)
Microsoft has issued a YellowKey mitigation, urging admins to disable autofstx.exe and enable TPM+PIN. The flaw affects Windows 11 versions 24H2, 25H2, and 26H1 on x64 systems, as well as Windows Server 2025 in standard and Server Core installations. Microsoft is aware of a security feature bypass vulnerability in Windows, publicly referred to as YellowKey, which was disclosed by researcher Chaotic Eclipse. The attack requires physical access to the system and carries a CVSS score of 6.8. To prevent exploitation, administrators must disable autofstx.exe and enable TPM+PIN.
Technical Mitigations (AI-generated)
* Disable autofstx.exe and enable TPM+PIN: stop the autofstx.exe component, which is responsible for the BitLocker bypass, from starting inside WinRE, and switch BitLocker from TPM-only to TPM+PIN.
* Mount the WinRE image on each affected device: mount a copy of the Windows Recovery Environment (WinRE) image on each affected device; this is the prerequisite for the registry edit that keeps the Transactional NTFS replay from deleting winpeshl.ini.
* Modify the BootExecute value under Session Manager: load the system registry hive from the mounted image and remove the autofstx.exe entry from the BootExecute value, so that it no longer starts automatically when the WinRE image launches.
* Switch to TPM+PIN for BitLocker decryption: move from TPM-only BitLocker protection (which unlocks the drive without user input) to TPM+PIN, which requires a PIN at startup.
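The BootExecute step above, scripted as an added example (not Microsoft's own script and not code from any of the cited articles). It assumes an elevated PowerShell session, that reagentc can mount the device's own WinRE image, a scratch mount directory (C:\WinREMount, an arbitrary choice), a temporary hive name (WinRE_SYSTEM) and a helper named Remove-BootExecuteEntry, all of which are this example's assumptions; re-establishing BitLocker trust for WinRE afterwards must follow the procedure in Microsoft's advisory, which is not reproduced here.

```powershell
# Added example (not Microsoft's script): remove the autofstx.exe entry from the
# BootExecute REG_MULTI_SZ in the WinRE image's SYSTEM hive, as the mitigation
# describes. Mount directory and hive name below are arbitrary assumptions.
$ErrorActionPreference = 'Stop'
$MountDir = 'C:\WinREMount'
$HiveName = 'WinRE_SYSTEM'   # temporary key under HKLM for the offline hive

function Remove-BootExecuteEntry {
    param(
        [string[]]$BootExecute,            # current REG_MULTI_SZ entries
        [string]$Executable = 'autofstx.exe'
    )
    # Entries look like "autocheck autochk *" or "autofstx.exe <args>"; drop every
    # line whose executable name matches, case-insensitively, and keep the rest.
    $pattern = "(^|\s)$([regex]::Escape($Executable))(\s|$)"
    return @($BootExecute | Where-Object { $_ -notmatch $pattern })
}

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
reagentc /mountre /path $MountDir
if ($LASTEXITCODE -ne 0) { throw "reagentc /mountre failed ($LASTEXITCODE)" }

$changed = $false
try {
    $hive = Join-Path $MountDir 'Windows\System32\config\SYSTEM'
    reg load "HKLM\$HiveName" $hive | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed ($LASTEXITCODE)" }
    try {
        # An offline hive has no CurrentControlSet; Select\Default names the active one.
        $csNum  = (Get-ItemProperty "HKLM:\$HiveName\Select").Default
        $smKey  = "HKLM:\$HiveName\ControlSet{0:D3}\Control\Session Manager" -f $csNum
        $before = @((Get-ItemProperty $smKey -Name BootExecute).BootExecute)
        $after  = Remove-BootExecuteEntry -BootExecute $before
        if ($after.Count -eq $before.Count) {
            Write-Host 'autofstx.exe not present in BootExecute; nothing to change.'
        } else {
            Set-ItemProperty -Path $smKey -Name BootExecute -Value ([string[]]$after) -Type MultiString
            Write-Host "BootExecute now: $($after -join ' | ')"
            $changed = $true
        }
    } finally {
        [GC]::Collect()   # release handles so the hive can be unloaded
        reg unload "HKLM\$HiveName" | Out-Null
    }
} finally {
    # Commit the edited image only if something was actually removed.
    if ($changed) { reagentc /unmountre /path $MountDir /commit }
    else          { reagentc /unmountre /path $MountDir /discard }
}
# Next step (not scripted here): reestablish BitLocker trust for WinRE per the
# advisory, then confirm with 'reagentc /info' that WinRE is still enabled.
```

To check the second mitigation on a device, `manage-bde -protectors -get C:` lists the key protectors; a protector of type TPM only, rather than TPM And PIN, means the startup PIN policy has not yet taken effect.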
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns: CVE-2026-33825, CVE-2026-45585
Target & Sectors: NORTH_AMERICA
Incident Timeline
* April 10, 2026: Attackers exploited BlueHammer on April 10, 2026.
* April 16: Attackers exploited BlueHammer on April 10, 2026.
* 2026/04/20: Threat actors used BlueHammer to target RedSun.
Source context (entities: BlueHammer, Privilege Escalation, CVE-2026-33825, LPE): Last month, they also disclosed the BlueHammer (CVE-2026-33825) and RedSun (no identifier) local privilege escalation (LPE) zero-day flaws, both of which are now being exploited in attacks.
* 2026/05/13: Microsoft released a mitigation for the YellowKey BitLocker vulnerability.
Source context (entities: BitLocker, PoC; Ravie Lakshmanan, May 20, 2026, Vulnerability / Encryption): Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The security flaw was disclosed last week by an anonymous security researcher known as 'Nightmare Eclipse,' who described it as a backdoor and published a proof-of-concept (PoC) exploit.
* May 20, 2026: Threat actors exploited a YellowKey zero-day exploit in BitLocker encryption.
* 2022/2026: Threat actors exploited a Windows privilege escalation vulnerability in the CTFMON framework on multiple versions of Windows 11 and Server 2022/2026.
Source context (entities: Windows, T1584.004 - Server, 11 versions, Privilege Escalation): The second issue, dubbed GreenPlasma, is a Windows privilege escalation vulnerability affecting the CTFMON framework on Windows 11 and Windows Server 2022/2026.
* 2022/2025: Threat actors exploited a YellowKey zero-day vulnerability in Windows 11 and Server 2022/2025 systems.
Source context (entities: Windows, T1584.004 - Server, 11 versions, 10 Server): YellowKey is a BitLocker bypass issue that affects Windows 11 and Windows Server 2022/2025 systems. “Also for whatever reason, only Windows 11 (+Server 2022/2025) are affected, Windows 10 is not.”
* 2026/05/20: The researchers disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma, affecting BitLocker and the CTFMON framework.
Source headlines:
* Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
* Microsoft shares mitigation for YellowKey Windows zero-day
* Microsoft issues YellowKey mitigation, no patch yet
* Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Source context (entities: BitLocker, WinRE, BootExecute, FsTx, USB, EFI, Tharros, Microsoft, YellowKey, GreenPlasma, CTFMON, CVSS, PIN, Microsoft Intune, Group Policies, Microsoft Defender, BlueHammer, RedSun, UnDefend, Transactional NTFS, Chaotic Eclipse / Nightmare-Eclipse, GitHub, Security Response Center / MSRC, Huntress):

Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey was disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse).

The flaw allows attackers with physical access to bypass BitLocker protections and gain unrestricted shell access to encrypted volumes through the Windows Recovery Environment (WinRE). It affects Windows 11 versions 24H2, 25H2, and 26H1 on x64 systems, as well as Windows Server 2025 in both standard and Server Core installations. According to the researcher, the vulnerable component only exists inside the WinRE image and not in standard Windows installations, raising suspicions about its design. Windows 10 systems do not appear affected.

“The component that is responsible for this bug is not present anywhere (even in the internet) except inside WinRE image and what makes it raise suspicions is the fact that the exact same component is also present with the exact same name in a normal windows installation but without the functionalities that trigger the bitlocker bypass issue,” wrote Chaotic Eclipse.

The root of the problem is a component called the FsTx Auto Recovery Utility, autofstx.exe, which exists only inside the WinRE image and runs automatically when the recovery environment launches. The attack involves placing specially crafted files inside the System Volume Information\FsTx directory on a USB drive or directly in the EFI partition. Nightmare Eclipse said that exploiting this zero-day involves placing specially crafted 'FsTx' files on a USB drive or EFI partition, rebooting into WinRE, and then triggering a shell with unrestricted access to the BitLocker-protected storage volume by holding down the CTRL key. It essentially involves placing specially crafted 'FsTx' files on a USB drive or EFI partition, plugging the USB drive into the target Windows computer with BitLocker protections turned on, rebooting into the Windows Recovery Environment (WinRE), and triggering a shell with unrestricted access by holding down the CTRL key. With that access, they place specially crafted FsTx files on a USB drive or directly in the EFI partition, plug the drive in, reboot into the Windows Recovery Environment, and hold down CTRL. The Transactional NTFS replay it triggers ends up deleting winpeshl.ini, which is what opens the door to the unrestricted shell.

"If you did everything properly, a shell will spawn with unrestricted access to the BitLocker protected volume," the researcher noted in a GitHub post. Chaotic Eclipse also published proof-of-concept code for the unpatched Windows bug.

Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN.

"Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as 'YellowKey'. The issue impacts Windows 11 version 26H1 for x64-based Systems, Windows 11 Version 24H2 for x64-based Systems, Windows 11 Version 25H2 for x64-based Systems, Windows Server 2025, and Windows Server 2025 (Server Core installation)," reads the advisory.

The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. The attack is physical; for this reason, it has received a CVSS score of 6.8 rather than something higher.

It requires mounting the WinRE image on each affected device, loading the system registry hive from that mounted image, and modifying the BootExecute value under Session Manager to remove the autofstx.exe entry. Modify BootExecute by removing the "autofstx.exe" value from Session Manager's BootExecute REG_MULTI_SZ value. Reestablish BitLocker trust for WinRE. To mitigate YellowKey attacks, Microsoft recommended removing the autofstx.exe entry from the Session Manager's BootExecute REG_MULTI_SZ value, then reestablishing BitLocker trust for WinRE by following the procedure detailed under "Mitigations" in the CVE-2026-33825 advisory.

"Specifically, you prevent the FsTx Auto Recovery Utility, autofstx.exe, from automatically starting when the WinRE image launches," Will Dormann, principal vulnerability analyst at Tharros, explained.

Adding a PIN requirement means the drive will not decrypt without the correct input at startup, which directly blocks the YellowKey attack path. This will require a PIN to decrypt the drive at startup, effectively blocking YellowKey attacks. For devices not yet encrypted, administrators should enable the “Require additional authentication at startup” policy via Microsoft Intune or Group Policies and set “Configure TPM startup PIN” to “Require startup PIN with TPM.” For organizations managing large fleets of devices, scripting the WinRE modification and pushing the TPM+PIN policy change through group policy or Intune is manageable, but it requires deliberate action.

The second issue, dubbed GreenPlasma, is a Windows privilege escalation vulnerability affecting the CTFMON framework on Windows 11 and Windows Server 2022/2026. The researcher also leaked GreenPlasma, a zero-day privilege-escalation security issue that attackers can abuse to obtain a SYSTEM shell, and UnDefend, another zero-day that attackers with standard user permissions can exploit to block Microsoft Defender definition updates.

Microsoft condemns Chaotic Eclipse's decision to release working exploit code without going through the standard coordinated disclosure process; the same researcher has now disclosed five separate Windows vulnerabilities in rapid succession, including GreenPlasma, BlueHammer, RedSun, UnDefend, and MiniPlasma. The researcher previously disclosed three Microsoft Defender vulnerabilities. In April, Chaotic Eclipse disclosed three other flaws in Microsoft Defender called BlueHammer, RedSun, and UnDefend. At this time, Microsoft has only fixed the BlueHammer flaw, tracked as CVE-2026-33825, but the others remain unpatched.

While the exact circumstances that triggered this spree of exploit leaks are still unclear, Nightmare Eclipse previously said that these disclosures are in protest of how Microsoft's Security Response Center (MSRC) handled the disclosure process for other security flaws they reported in the past.

Huntress researchers reported attackers are exploiting the three Windows flaws to target systems, though the victims and attackers remain unknown. Huntress said it saw real-world exploitation of all three flaws.
Tactical Metrics
Affected Product: Windows. It affects Windows 11 versions 24H2, 25H2, and 26H1 on x64 systems, as well as Windows Server 2025 in both standard and Server Core installations; YellowKey is a BitLocker bypass issue that affects Windows 11 and Windows Server 2022/2025 systems, and Windows 10 systems do not appear affected.
Intelligence Sources
* Security Affairs, 2026-05-15: Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
* BleepingComputer, 2026-05-20: Microsoft shares mitigation for YellowKey Windows zero-day
* The Hacker News, 2026-05-20
* Security Affairs, 2026-05-20: Microsoft issues YellowKey mitigation, no patch yet