u/iainfm

Anyone had any luck with Microsoft's mitigation for YellowKey (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585)?

It seems to work ok when run manually, but I've been getting mixed results when deploying as a PRS, including:

Completely broken WinRE afterwards
Failure to wipe devices after the fix, leading to them being unbootable

My thought at the moment is simply to disable WinRE via reagentc.exe until there's a better remedy. Yes, it'll stop device wipes from working but we don't to that many, and we can always give an instruction to re-enable it before one is sent (they're also MAA'd).

Thanks,

Iain

Hi all,

Apologies for asking this, but I've drawn a Google blank.

When setting the macos "Maximum user deferrals" limit, what actually constitutes a "deferral"?

Is it days, reboots, the number of times you dismiss the reminder pop-up?

Asking on behalf of a security department!

Thanks,

Iain