DNR: Deprecated, Never Removed
On May 12, 2026, a security researcher released a working exploit that defeats Windows BitLocker encryption using nothing more than a USB stick and a few minutes of physical access. The vulnerability — named YellowKey — doesn't exploit a new piece of Windows code. It exploits a piece of code that was supposed to be dead.
Transactional NTFS (TxF), the Windows file system feature at the heart of YellowKey, was deprecated by Microsoft more than a decade ago. Developers were told to stop using it. No new applications should depend on it. But it was never removed — and in 2026, an attacker can use it to read everything on an "encrypted" drive.
We have a name for this class of vulnerability: DNR.