PatchSiren cyber security CVE debrief
CVE-2026-45585 Microsoft CVE debrief
On 2026-05-20, Microsoft published CVE-2026-45585 for a Windows security feature bypass publicly referred to as “YellowKey.” Microsoft says a proof of concept was made public, and the CVE was issued to provide mitigation guidance until a security update is available. NVD lists affected Windows 11 x64 releases 24H2, 25H2, and 26H1, plus Windows Server 2025.
- Vendor
- Microsoft
- Product
- Windows 11 Version 24H2
- CVSS
- MEDIUM 6.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-20
- Original CVE updated
- 2026-05-20
- Advisory published
- 2026-05-20
- Advisory updated
- 2026-05-20
Who should care
Windows administrators, endpoint security teams, and server operators running the affected Windows releases should review Microsoft’s guidance promptly. Organizations with exposure to Windows 11 x64 24H2/25H2/26H1 or Windows Server 2025 should treat this as a prioritized hardening item while waiting for the security update.
Technical summary
The vulnerability is categorized as a security feature bypass and NVD maps it to CWE-77. Microsoft’s CVE description and NVD metadata indicate the issue affects Windows platforms rather than a single application component, with a CVSS 3.1 vector of AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H and a score of 6.8. The public references include Microsoft’s advisory and a third-party GitHub reference associated with the public proof of concept.
Defensive priority
Medium overall, but higher priority for systems running the listed affected Windows versions or any environment where local/physical access to endpoints and servers is a realistic risk. Because Microsoft has issued mitigation guidance and a public proof of concept exists, defenders should act before the security update is broadly available.
Recommended defensive actions
- Review Microsoft’s advisory for CVE-2026-45585 and apply the listed mitigations as soon as possible.
- Inventory Windows 11 x64 24H2, 25H2, and 26H1 systems, as well as Windows Server 2025, to determine exposure.
- Prioritize hardening for endpoints and servers where local or physical access is possible.
- Monitor Microsoft security update guidance for this CVE and plan rapid deployment when the fix is released.
- Validate that endpoint protection, access controls, and device custody processes reduce the chance of unauthorized local interaction with affected systems.
Evidence notes
This debrief is based only on the supplied CVE record, NVD metadata, and the linked Microsoft advisory. Microsoft’s CVE description explicitly says the issue is a Windows security feature bypass publicly referred to as “YellowKey” and that a proof of concept was made public. NVD lists the affected Windows CPEs, the CVSS 3.1 vector, and CWE-77. No exploit details are included here.
Official resources
-
CVE-2026-45585 CVE record
CVE.org
-
CVE-2026-45585 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory, Mitigation
-
Mitigation or vendor reference
134c704f-9b21-4f2e-91b3-4a467353bcc0 - Exploit, Third Party Advisory
Microsoft states the vulnerability was publicly referred to as “YellowKey” and that a proof of concept was made public, which it describes as violating coordinated vulnerability best practices.