{"id":47907,"date":"2026-05-23T15:04:52","date_gmt":"2026-05-23T08:04:52","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47907"},"modified":"2026-05-29T15:05:29","modified_gmt":"2026-05-29T08:05:29","slug":"microsoft-phat-hanh-giai-phap-ngan-chan-lo-hong-yellowkey-vuot-qua-ma-hoa-bitlocker","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/microsoft-phat-hanh-giai-phap-ngan-chan-lo-hong-yellowkey-vuot-qua-ma-hoa-bitlocker\/","title":{"rendered":"Microsoft releases solution to block the YellowKey vulnerability that bypasses BitLocker encryption"},"content":{"rendered":"<p><b>Microsoft has officially rolled out mitigations for YellowKey, a newly disclosed zero-day vulnerability capable of bypassing the BitLocker drive encryption mechanism on Windows. 
The vulnerability is currently tracked as CVE-2026-45585 with a CVSS score of 6.8 and requires the attacker to have physical access to the target device<\/b>.<\/p>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"Anh-whitehat-vn (2).png\" data-src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-2-png.19051\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"Anh-whitehat-vn (2).png\" src=\"https:\/\/whitehat.vn\/attachments\/anh-whitehat-vn-2-png.19051\/\" alt=\"Anh-whitehat-vn (2).png\" width=\"700\" height=\"390\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<\/div>\n<div>\nTo carry out the attack, an attacker can use a USB drive containing the YellowKey exploit and then boot the system into the Windows Recovery Environment (WinRE). Instead of showing the usual recovery interface, the system directly opens a command-line window with the disk partition already automatically unlocked by BitLocker, allowing access to data that is supposed to be protected by encryption.<\/p>\n<p>The exploit abuses Transactional NTFS replay through the FsTx directory on the USB device to delete the winpeshl.ini configuration file in WinRE's System32 directory. 
This file controls the startup behavior of the Windows recovery environment. Once the file is deleted, the system no longer loads the default recovery interface and instead hands control directly to a command prompt.<\/p>\n<p>Security experts say the concern lies not only in the ability to bypass BitLocker, but also in the fact that a process originating from an external device can directly affect data on the system partition through the FsTx replay mechanism. This raises suspicion of a deeper problem in how WinRE and Transactional NTFS handle processing.<\/p>\n<p>To reduce the risk of exploitation, Microsoft has published a multi-step technical procedure to disable the FsTx Auto Recovery Utility, specifically the autofstx.exe file, during WinRE startup. 
Administrators are instructed to mount the WinRE image on each device, edit the registry hive to remove the ability of autofstx.exe to execute, then update the recovery image and re-establish BitLocker's trust in WinRE.<\/p>\n<p>In addition, Microsoft recommends that users add a PIN to BitLocker rather than relying only on the default TPM. However, the researcher Chaotic Eclipse, who published the YellowKey exploit, says the technique can still work even on systems with TPM plus PIN enabled.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has officially rolled out mitigations for YellowKey, a newly disclosed zero-day vulnerability capable of bypassing the BitLocker drive encryption mechanism on Windows. 
The vulnerability is currently tracked as CVE-2026-45585 with a CVSS score of 6.8 and requires the attacker [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47908,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47907","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47907"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47907\/revisions"}],"predecessor-version":[{"id":47909,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47907\/revisions\/47909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47908"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\
/{rel}","templated":true}]}}