{"uuid": "edd8a19b-432e-460c-9411-4c4e621bcc79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45585", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116604563324444723", "content": "Microsoft has released CVE-2026-45585 to document YellowKey mitigations.\nSpecifically, you remove the FsTx Auto Recovery Utility, autofstx.exe, from the WinRE image.\nWith this change, the Transactional NTFS replaying that deletes winpeshl.ini no longer happens. It also recommends switching from TPM-only to TPM+PIN.\nBut wait!, you clever security-conscious person exclaims. If the WinRE partition is unencrypted, what stops an attacker from simply splatting back a vulnerable WinRE partition/image?  You are right, you can indeed do this and you'll get a CMD prompt when WinRE is entered.  However, the modification of WinRE will cause the trust relationship between bitlocker and WinRE to fail.  And as such, while you are at your handy cmd.exe prompt, you will not get an automatically-decrypted bitlocker partition.", "creation_timestamp": "2026-05-20T02:35:17.877520Z"}