May 2026 Patch Tuesday And The YellowKey BitLocker Bypass
TL;DR - The May 2026 Patch Tuesday on 12 May was Microsoft's first zero-day-free release since June 2024. It still shipped 120 CVEs, 29 of them critical remote code execution and 16 of them discovered by Microsoft's new MDASH AI security system. Seven of the patches address Copilot and Azure AI Foundry exposures. Within 24 hours of the release, a disgruntled researcher publicly dropped YellowKey, an unpatched BitLocker bypass that abuses Windows Recovery Environment via a malicious USB. June Patch Tuesday will also be the deadline for the Secure Boot 2011 certificate rollover. What you need to do: deploy May updates this week, lock down WinRE access, and start the Secure Boot CA renewal project today.
May 2026 Patch Tuesday By The Numbers
| Metric | Result |
|---|---|
| Total CVEs patched | 120 |
| Critical remote code execution flaws | 29 |
| Zero-days exploited in the wild at release | 0 (first since June 2024) |
| Bugs found by Microsoft's new MDASH AI harness | 16 |
| CVEs affecting Copilot and Azure AI Foundry | 7 |
| Unpatched BitLocker bypass dropped after Patch Tuesday | YellowKey (PoC public) |
| Unpatched privilege escalation dropped same week | GreenPlasma (PoC public) |
| Microsoft Corporation KEK CA 2011 expiration | June 2026 |
🎙️ This blog unpacks a conversation from Out of Band: A Microsoft Security Podcast, where Andrew O'Young (Microsoft MVP, Informotion), Anthony Porter (Canon Business Services) and I work through the May 2026 Microsoft security news. If you'd rather listen than read, the full episode is on YouTube.
It's not often I open a Patch Tuesday review and the headline is "nothing on fire". It happens once every couple of years.
Microsoft's May 2026 cumulative updates landed on 12 May 2026 with 120 CVEs fixed and zero actively exploited zero-days at release. The last time Microsoft pulled that off was June 2024. For anyone who has worked through 22 months of monthly "we have to ship this in the maintenance window tonight" emails, it is a small mercy.
Then, within 24 hours, a researcher going by Chaotic Eclipse dumped two unpatched zero-days on the internet to spite Microsoft's bug bounty triage. The first, YellowKey, is a BitLocker bypass that runs from a USB stick. The second, GreenPlasma, is a local privilege escalation. Both have working public proofs of concept.
So the headline really should read: "first zero-day-free Patch Tuesday in two years, followed immediately by the most operationally awkward post-Patch-Tuesday week we've had in months."
Let me walk you through the patches that landed, the two that didn't, and the Secure Boot transition you should already be planning for.
The Patches That Landed (And Why MDASH Got Half The Critical Bugs)
Across 120 CVEs, 29 are rated critical and most of those are remote code execution. The largest single chunk of newly-disclosed Windows bugs in the cycle came from one source: Microsoft's own MDASH AI security system, which I've covered in a separate deep dive.
MDASH found 16 previously-unknown vulnerabilities in the Windows networking and authentication surface this cycle: four critical RCE, ten kernel-mode, six user-mode. The affected components include tcpip.sys, http.sys, ikeext.dll, netlogon.dll, dnsapi.dll and yes, telnet.exe (which is still there, and is still findable).
If your organisation does any kind of internet-exposed Windows hosting, two facts matter here:
- Patch this week, not this month. Quarterly cycles are a luxury that disappeared the moment AI vulnerability scanners started keeping pace with Patch Tuesday.
- The disclosure-to-patch window is now hours, not months. Microsoft's research blog about MDASH and the cumulative updates patching MDASH-found bugs went out on the same day. Attackers will have the diff before your change advisory board meets.
The Seven Copilot And Azure AI Foundry Patches
Seven of the May 2026 CVEs touch Microsoft's AI surface. The grouping matters because it's the first cycle where the AI patch tranche has been large enough to need its own analysis block in vendor write-ups.
The standout is CVE-2026-33111, a critical information disclosure vulnerability in Copilot Chat for Microsoft Edge with a CVSS of 7.5. The flaw allows an unauthenticated remote attacker to disclose sensitive information over a network through a command injection that abuses improper neutralisation of special elements.
The rest of the seven cover spoofing and security-feature bypass issues in:
- M365 Copilot for Desktop and Android
- GitHub Copilot in Visual Studio
- Azure Machine Learning notebooks
The operational pattern across all seven is the same: prompt-driven social engineering and data exfiltration via the AI surface. A malicious email, document, or repository file embeds an instruction that the user's AI assistant then executes on their behalf. The user never sees the instruction. The data leaves anyway.
The defensive pattern is also the same, and it's not new: least privilege, data labels, conditional access, output sanitisation. If you're running M365 Copilot at scale and you haven't already deployed Purview sensitivity labels and Defender for Cloud Apps controls around Copilot interactions, this is your reminder. I've written about the operational reality of that rollout in Your Copilot Rollout Is A Security Disaster, and not much has changed in the underlying advice.
YellowKey: The Zero-Day That Dropped The Next Day
While Microsoft was congratulating itself on a clean Patch Tuesday, a researcher operating as Chaotic Eclipse (also seen as Nightmare-Eclipse) released two unpatched Windows zero-days the same week.
YellowKey is a BitLocker bypass that works against current Windows 11 builds, including Windows 11 24H2 and Windows Server 2022/2025. The attack pattern:
- Place specially crafted FsTx files on a USB drive or EFI partition
- Reboot the target into Windows Recovery Environment (WinRE)
- Hold the CTRL key during a specific stage to trigger a privileged shell
- Read or modify the contents of the BitLocker-protected drive
Multiple independent researchers including Kevin Beaumont, KevTheHermit and Will Dormann have tested the public proof of concept and confirmed it works against patched, fully updated Windows 11. The CTFMON-adjacent local privilege escalation, GreenPlasma, was released alongside it.
Chaotic Eclipse's stated motivation is dissatisfaction with how Microsoft handles bug reports. They have a recent history of dropping unpatched flaws including BlueHammer (CVE-2026-33825) and RedSun, both of which began to be exploited in the wild within days of public disclosure. They have publicly promised a "big surprise" for June 2026 Patch Tuesday.
For defenders, the practical implications:
- Physical access still wins. YellowKey requires boot-time access to the device, which means physical theft, an evil maid attack, or an insider with physical access. It is not a remote vulnerability. But for any organisation issuing laptops to a distributed workforce, "physical access" is not exactly rare.
- WinRE is the access path. The fix until Microsoft ships a patch is the same advice that has applied to WinRE-based attacks for years: disable the WinRE menu access, set a strong UEFI password, enable PIN-based BitLocker pre-boot authentication, and consider TPM+PIN for high-risk fleets. Microsoft's WinRE hardening guidance is the canonical reference.
- Inventory which devices are at risk. Devices that boot with TPM-only BitLocker and no pre-boot PIN (most enterprise default rollouts) are the soft target.
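The inventory step above is easy to say and tedious to do by hand, so here is an added PowerShell audit (written for this post, not code from the original article or from Microsoft) that reports the three things the mitigation list cares about on one device: whether each OS volume has a TPM+PIN protector, whether WinRE is still enabled, and whether Secure Boot is on. It assumes an elevated session on Windows 11 with the built-in BitLocker module; `Get-PreBootAuthPosture` is a name chosen here, not a Microsoft cmdlet.

```powershell
# Added audit script (not from the original post or from Microsoft): flags a device
# that sits in the YellowKey soft-target profile, i.e. TPM-only BitLocker with no
# pre-boot PIN, with WinRE still enabled. Run elevated on Windows 11.
function Get-PreBootAuthPosture {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. BitLocker key protectors per OS volume. TpmPin and TpmPinStartupKey
    #    mean the volume cannot be unlocked at boot without the user's PIN.
    $osVolumes = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
    foreach ($vol in $osVolumes) {
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        $status = if ($vol.ProtectionStatus -ne 'On') { 'FAIL (protection off)' }
                  elseif ($hasPin)                    { 'PASS' }
                  else { "FAIL (TPM-only; protectors: $($types -join ', '))" }
        $findings += [pscustomobject]@{
            Check  = "BitLocker $($vol.MountPoint) pre-boot PIN"
            Status = $status
        }
    }

    # 2. WinRE state. reagentc.exe is the built-in tool; its /info output
    #    carries a line "Windows RE status: Enabled" or "Disabled".
    $reInfo    = (& reagentc.exe /info 2>&1) | Out-String
    $reEnabled = $reInfo -match 'Windows RE status:\s+Enabled'
    $findings += [pscustomobject]@{
        Check  = 'WinRE restricted'
        Status = if ($reEnabled) { 'REVIEW (WinRE enabled; apply WinRE hardening guidance)' } else { 'PASS' }
    }

    # 3. Secure Boot must be on for the rest of the boot-chain controls to matter.
    $sbOn = try { Confirm-SecureBootUEFI } catch { $false }
    $findings += [pscustomobject]@{
        Check  = 'Secure Boot enabled'
        Status = if ($sbOn) { 'PASS' } else { 'FAIL' }
    }

    return $findings
}

Get-PreBootAuthPosture | Format-Table -AutoSize
```

Any `FAIL` on the first check is a device to move to TPM+PIN (the built-in `Add-BitLockerKeyProtector -MountPoint C: -TpmAndPinProtector -Pin <SecureString>` does that per device; at fleet scale the equivalent BitLocker policy via Intune or Group Policy is the practical route). The WinRE line is deliberately `REVIEW` rather than `FAIL`, because some estates legitimately keep WinRE for recovery and restrict it through firmware and UEFI password controls instead of disabling it outright.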
Secure Boot 2011 Certificates Expire In June
The other deadline that should already be on your project plan: the Microsoft Corporation KEK CA 2011 and the associated DB certificates expire in June 2026.
This is not a "your computer will brick" event. Systems with expired Secure Boot certificates still boot. They still receive regular Windows updates. The thing they stop receiving is future security updates to the Windows Boot Manager and the early-boot Secure Boot components.
In other words: from June 2026 onward, the most sensitive part of your boot chain stops getting security fixes unless you've rolled the new 2023 CA certificates forward into both the UEFI Secure Boot DB and the KEK on every affected device.
The mitigations:
- Read the Microsoft playbook. The Secure Boot playbook for certificates expiring in 2026 is the operational reference. Read it.
- Identify affected devices. Any Windows device released since 2012 is in scope. Surface, Lenovo, Dell and HP have all published OEM-specific firmware update guidance.
- Watch the KB rollout. Microsoft and partner OEMs are pushing the 2023 CA trust through cumulative updates and firmware updates over the coming months. Confirm via the Windows Secure Boot certificate expiration and CA updates support article.
- Old hardware is at real risk. Devices whose OEMs have ended firmware support may never receive the new certificates. Those devices need to be flagged for replacement or for additional compensating controls.
This is exactly the kind of project that gets deferred because "Secure Boot still works, doesn't it?" The honest answer is yes, until next June, after which you are running unpatchable bootloader code on the world's most attacked operating system.
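To answer "is this device already carrying the 2023 certificates?" without waiting for the KB telemetry, here is an added PowerShell check (my own addition for this post, not from the Microsoft playbook) that reads the UEFI `db` and `KEK` variables and reports which of the 2011 and 2023 Microsoft CAs are enrolled. It assumes an elevated session on a UEFI-booted Windows device; the certificate subject names are the well-known Microsoft CA names, and `Get-SecureBootCaStatus` is a name chosen here.

```powershell
# Added check (not from the original post or Microsoft's playbook): reports whether
# the 2023 replacement CAs are present in this device's Secure Boot db and KEK,
# alongside the expiring 2011 CAs. Run elevated on a UEFI/Secure Boot capable system.
function Get-SecureBootCaStatus {
    [CmdletBinding()]
    param()

    # Get-SecureBootUEFI returns the raw variable bytes. X.509 subject names sit
    # inside the DER blobs as printable ASCII, so a string match over the bytes
    # is enough to tell which CAs are enrolled.
    $db  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kek = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    [pscustomobject]@{
        SecureBootOn      = (Confirm-SecureBootUEFI)
        Kek2011Present    = ($kek -match 'Microsoft Corporation KEK CA 2011')
        Kek2023Present    = ($kek -match 'Microsoft Corporation KEK 2K CA 2023')
        Db2011WindowsCA   = ($db  -match 'Microsoft Windows Production PCA 2011')
        Db2011UefiCA      = ($db  -match 'Microsoft Corporation UEFI CA 2011')
        Db2023WindowsCA   = ($db  -match 'Windows UEFI CA 2023')
        Db2023UefiCA      = ($db  -match 'Microsoft UEFI CA 2023')
        Db2023OptionRomCA = ($db  -match 'Microsoft Option ROM UEFI CA 2023')
    }
}

$status = Get-SecureBootCaStatus
$status | Format-List

# Ready for the June 2026 expiry only when the 2023 KEK and the 2023 Windows UEFI CA
# are both enrolled; anything else goes on the firmware/KB remediation list.
if (-not ($status.Kek2023Present -and $status.Db2023WindowsCA)) {
    Write-Warning '2023 Secure Boot CAs not fully enrolled on this device; schedule the rollout.'
}
```

Run it through your endpoint management tool as a detection script and you have the inventory the playbook asks for. A device that reports `Kek2023Present = False` after the cumulative updates have been applied is usually one whose firmware has not accepted the new KEK yet, which is the OEM-firmware conversation the post describes.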
What To Do This Week
For an average mid-sized Microsoft estate, the May 2026 cycle action list is short and specific:
- Deploy May 2026 Patch Tuesday across server and workstation fleets this week. Prioritise public-facing Windows hosting and identity infrastructure. The MDASH-found CVEs are concentrated in networking and authentication; those are exactly where you do not want a delay.
- Apply the seven Copilot / Azure AI Foundry patches. Update Copilot for M365, Copilot Chat for Edge, GitHub Copilot for Visual Studio, and any Azure ML notebooks in active use.
- Mitigate YellowKey while the patch is pending. Enable BitLocker pre-boot PIN authentication on high-risk fleets, lock down WinRE menu access, and audit which devices are physical-access-risk (travel, field, lost-or-stolen-recent).
- Stand up the Secure Boot 2023 CA project. Treat it like a Windows 10 EOL project, not a footnote. Inventory affected devices, get firmware update plans from OEMs, schedule the rollouts.
- Watch June Patch Tuesday. Chaotic Eclipse has publicly promised more disclosures around the June 2026 cycle.
Key Takeaways
- May 2026 was the first zero-day-free Patch Tuesday since June 2024. 120 CVEs fixed, 29 of them critical RCE, no in-the-wild exploitation at release.
- MDASH found 16 of the May 2026 Windows bugs, including four critical RCE in tcpip.sys, http.sys, ikeext.dll, netlogon.dll and dnsapi.dll.
- Seven CVEs target Copilot and Azure AI Foundry surfaces. The pattern is prompt injection and data exfiltration via the AI assistant. Patch the clients and tighten the data labels.
- YellowKey BitLocker bypass and GreenPlasma privilege escalation are public and unpatched. Public PoCs work against current Windows 11. Mitigate via pre-boot PIN, WinRE lockdown and physical-access controls.
- Secure Boot 2011 certificates expire in June 2026. Devices without the 2023 CA rolled forward will not receive future boot-chain security updates.
FAQ
Were there really no zero-days in May 2026 Patch Tuesday?
Correct. Microsoft's May 2026 cumulative update on 12 May 2026 contained no zero-day vulnerabilities that were actively exploited in the wild or publicly disclosed at the time of release. This was the first zero-day-free Patch Tuesday since June 2024. The total CVE count was 120.
What is YellowKey?
YellowKey is an unpatched BitLocker bypass disclosed in May 2026 by a researcher known as Chaotic Eclipse. It abuses Windows Recovery Environment via a specially crafted USB drive containing FsTx files to trigger a privileged shell during boot, granting access to BitLocker-protected drives. It works against current Windows 11 and Windows Server 2022/2025 builds. As of mid-May 2026 there is no official Microsoft patch.
How do I protect against YellowKey?
Three layered controls reduce the risk significantly: enable BitLocker pre-boot PIN authentication so the drive cannot be unlocked without the PIN, disable or restrict access to Windows Recovery Environment via Group Policy or Intune, and set a strong UEFI/BIOS password to prevent boot-order tampering. Physical security of the device is also part of the picture.
What is the Secure Boot 2011 certificate expiration?
The Microsoft Corporation KEK CA 2011 and associated Secure Boot DB certificates expire in June 2026. Once expired, affected Windows devices stop receiving security updates to the Windows Boot Manager and Secure Boot components. Devices continue to boot and receive regular Windows updates. Microsoft and OEMs are rolling out 2023 replacement certificates via cumulative updates and firmware updates. Devices on hardware whose OEMs have ended support may need to be replaced.
Which Copilot CVEs should I prioritise?
CVE-2026-33111 is the most severe of the seven AI-surface CVEs in May 2026, rated critical (CVSS 7.5) and affecting Copilot Chat in Microsoft Edge. The other six cover M365 Copilot for Desktop and Android, GitHub Copilot for Visual Studio, and Azure Machine Learning notebooks. All seven should be deployed as part of the standard cycle, but CVE-2026-33111 is the one with the most directly exploitable command injection path.
My Take
Zero-day-free months are rare and they should be celebrated. They are also a leading indicator that the easy bugs are getting harder to find, which is exactly what we would expect to see now that internal AI vulnerability hunting (MDASH at Microsoft, Big Sleep at Google, Glasswing at Anthropic) is finding the long tail at speed.
The bad news is that the rest of the disclosure pipeline has not caught up. Disgruntled researchers dropping public proofs of concept on social media is going to be a recurring pattern, and the asymmetric power dynamic, researcher with PoC vs. vendor with bug bounty backlog, favours the researcher every time. Microsoft will need to keep iterating on its disclosure relationships if it wants June 2026 to look any better than May 2026 in that respect.
For everyone else: this is a "do the boring things" month. Patch. Pin. Plan the Secure Boot rollover. The week you stop being precious about your maintenance windows is the week your security posture catches up with what the rest of the industry is doing.
None of this is exciting. But it works.
Mathew Clark Founder, SecureInSeconds Currently: explaining to my mother-in-law for the third time why "I don't have anything important on my laptop" is not a security control.
Further Reading
- Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days - BleepingComputer summary
- The May 2026 Security Update Review - Zero Day Initiative's per-CVE analysis
- It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight - DarkReading's framing
- Windows BitLocker zero-day gives access to protected drives, PoC released - YellowKey coverage
- Researcher Drops YellowKey, GreenPlasma Windows Zero-Days - SecurityWeek's writeup of the disclosure
- Secure Boot playbook for certificates expiring in 2026 - the canonical Microsoft operational playbook
- Microsoft MDASH: An AI Just Found 16 Critical Windows Bugs - the SecureInSeconds analysis of the AI system that found half the critical Windows bugs in this cycle
- Out of Band: A Microsoft Security Podcast - May 2026 Episode - the full conversation