Back

Critical Windows BitLocker Zero-Day Exploits Released by Disgruntled Researcher

Severity: High (Score: 69.9)

Sources: Theregister, Cybersecuritynews, Itnews.Au, Cybernews, cvereports.com

Summary

A researcher known as Chaotic Eclipse has released two unpatched zero-day vulnerabilities affecting Windows 11 and Windows Server 2022/2025. The first, named YellowKey, allows attackers to bypass BitLocker encryption entirely, granting unrestricted access to protected drives. The second, GreenPlasma, is a privilege escalation flaw that can elevate user privileges to SYSTEM. Both exploits were disclosed shortly after Microsoft's Patch Tuesday, raising concerns about their potential for widespread exploitation. The researcher claims dissatisfaction with Microsoft's handling of previous bug reports motivated the release. Experts warn that these vulnerabilities could significantly impact organizations relying on BitLocker for data protection. Mitigations suggested include using a BitLocker PIN and BIOS password. The researcher has promised further disclosures, indicating ongoing risks. Key Points: • YellowKey allows complete bypass of BitLocker encryption on Windows 11 and Server 2022/2025. • GreenPlasma enables privilege escalation to SYSTEM, posing severe risks to affected systems. • Both exploits were released by a researcher dissatisfied with Microsoft's response to previous vulnerabilities.

Key Entities

  • Chaotic Eclipse (apt_group)
  • Nightmare Eclipse (apt_group)
  • Zero-day Exploit (attack_type)
  • Microsoft (company)
  • CVE-2026-32201 (cve)
  • CVE-2026-33825 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • BlueHammer (vulnerability)
  • RedSun (vulnerability)
  • GreenPlasma (vulnerability)
  • UnDefend (vulnerability)
  • Yellow Key (vulnerability)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • T1059 - Command and Scripting Interpreter (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1112 - Modify Registry (mitre_attack)
  • BitLocker (platform)
  • EFI (platform)
  • NTFS (platform)
  • TPM (platform)
  • Windows (platform)
  • Cmd.exe (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed