A zero-day exploit, dubbed YellowKey, has been discovered that bypasses the default BitLocker encryption on Windows 11 systems, allowing unauthorized access to disk contents. The exploit requires physical access to the computer and targets the Trusted Platform Module (TPM), where the decryption key is stored. The vulnerability is particularly concerning for organizations that rely on BitLocker as a mandatory protection measure, including those with government contracts. The exploit was published by a researcher known as Nightmare-Eclipse, who demonstrated its reliability in bypassing default Windows 11 deployments of BitLocker. Given the severity of this exploit, organizations must assess their exposure immediately, as the window for patching is rapidly closing. Because the exploit targets a critical Microsoft security feature, practitioners should prioritize evaluating their systems' vulnerability to YellowKey, as the potential consequences of a successful attack could be severe.