Microsoft Accused of Intentional Backdoor in BitLocker Encryption

A researcher known as Nightmare-Eclipse has leveled serious allegations against Microsoft, claiming the tech giant intentionally implemented a backdoor within its BitLocker volume encryption system. This controversy follows the emergency release of an out-of-band mitigation for a vulnerability tracked as CVE-2026-45585, also referred to as YellowKey. The flaw is not universal across the Windows ecosystem, as it reportedly impacts only the most modern iterations of the operating system.

Affected versions include:

  • Windows 11
  • Windows Server 2022
  • Windows Server 2025

The researcher suggests that the nature of the vulnerability points toward a deliberate security bypass rather than an accidental coding error. While Microsoft has moved to address the issue with patches, the accusations raise significant privacy and security concerns for enterprise environments relying on BitLocker to protect sensitive data at rest.