Disgruntled Researcher Releases BitLocker Bypass and Privilege Escalation Exploits
Severity: High (Score: 69.9)
Sources: Theregister, Bleepingcomputer, Cybernews
Summary
A security researcher operating under the handle Nightmare-Eclipse has publicly released two Windows zero-day exploits: 'YellowKey', which bypasses BitLocker encryption, and 'GreenPlasma', which escalates privileges to SYSTEM. Both were published on May 13, 2026, immediately after Microsoft's Patch Tuesday, so no fix for either was included in that release.

YellowKey requires physical access to a BitLocker-protected machine: the attacker boots with a USB drive attached and uses a specific key sequence to obtain an unrestricted shell. GreenPlasma targets the CTFMON process (ctfmon.exe) and lets an attacker manipulate trusted memory sections of that process; according to the reporting it has not been released as a complete, working exploit. The researcher also hinted at a possible backdoor in the BitLocker recovery environment, which has not been substantiated but adds to the concern.

Experts warn that these issues pose a significant risk, especially for organizations that rely on BitLocker as their primary device-protection control. There is currently no known mitigation for GreenPlasma. YellowKey can be partially mitigated by requiring a BitLocker pre-boot PIN (TPM+PIN) and by setting a BIOS/UEFI password that locks the boot order, so that an attacker with the device in hand cannot boot from USB or reach the unlock prompt without a secret.

Key Points:
• Nightmare-Eclipse released two zero-day exploits targeting Windows systems.
• YellowKey bypasses BitLocker encryption but requires physical access to the device.
• GreenPlasma allows privilege escalation to SYSTEM but lacks a complete exploit.
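The PIN mitigation above is applied in practice by adding a TPM+PIN key protector and setting the matching local policy. The script below is an added example for this page; it is not code from the report, its sources, or the researcher. It assumes the OS volume is C:, a TPM is present, a recovery password has already been backed up, and local policy is not being overwritten by a domain GPO (the registry names match the "Require additional authentication at startup" policy under HKLM\SOFTWARE\Policies\Microsoft\FVE). The BIOS/UEFI password and boot-order lock are vendor-specific and are not set here.

```powershell
# Added example (not from the original report): audit a BitLocker OS volume for
# pre-boot authentication and, if it unlocks with the TPM alone, require TPM+PIN.
# Assumptions: OS volume is C:, a TPM is present, a recovery password protector
# already exists and is escrowed, and no domain GPO overrides the local FVE policy.
#Requires -RunAsAdministrator
#Requires -Modules BitLocker

$MountPoint = 'C:'
$FvePolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
# Protector types that require something beyond the TPM at boot.
$PreBootTypes = @('TpmPin', 'TpmPinKey', 'TpmKey', 'ExternalKey')

function Get-PreBootAuthState {
    # Returns the protector types on the volume and whether it is TPM-only.
    param([string]$Volume = $MountPoint)
    $vol   = Get-BitLockerVolume -MountPoint $Volume
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasPreBoot = [bool]($types | Where-Object { $PreBootTypes -contains $_ })
    [pscustomobject]@{
        Volume              = $Volume
        ProtectionStatus    = $vol.ProtectionStatus
        Protectors          = $types
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
        TpmOnly             = ($types -contains 'Tpm') -and -not $hasPreBoot
    }
}

function Set-TpmPinPolicy {
    # Local equivalent of the GPO "Require additional authentication at startup":
    # require a startup PIN with the TPM and disallow TPM-only unlock.
    param([int]$MinimumPinLength = 8)
    if (-not (Test-Path $FvePolicy)) { New-Item -Path $FvePolicy -Force | Out-Null }
    $values = @{
        UseAdvancedStartup = 1                  # enable the policy
        EnableBDEWithNoTPM = 0                  # no BitLocker without a TPM
        UseTPM             = 0                  # TPM alone: do not allow
        UseTPMPIN          = 1                  # TPM + PIN: require
        UseTPMKey          = 0                  # TPM + startup key: do not allow
        UseTPMKeyPIN       = 0                  # TPM + key + PIN: do not allow
        MinimumPIN         = $MinimumPinLength  # minimum startup PIN length
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $FvePolicy -Name $name -Value $values[$name] `
            -PropertyType DWord -Force | Out-Null
    }
}

function Add-TpmPinProtector {
    # Replaces the bare TPM protector with a TPM+PIN protector. The TPM protector
    # is removed first because a volume holds only one TPM-based protector.
    param([string]$Volume = $MountPoint)
    $state = Get-PreBootAuthState -Volume $Volume
    if (-not $state.HasRecoveryPassword) {
        throw "No recovery password protector on $Volume; add and escrow one before changing protectors."
    }
    $pin = Read-Host -Prompt 'Enter the new BitLocker startup PIN' -AsSecureString
    Get-BitLockerVolume -MountPoint $Volume |
        Select-Object -ExpandProperty KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'Tpm' } |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $Volume -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
    Add-BitLockerKeyProtector -MountPoint $Volume -TpmAndPinProtector -Pin $pin | Out-Null
}

$state = Get-PreBootAuthState
$state | Format-List
if ($state.TpmOnly) {
    Write-Warning "$MountPoint unlocks with the TPM alone; enforcing TPM+PIN pre-boot authentication."
    Set-TpmPinPolicy -MinimumPinLength 8
    Add-TpmPinProtector
    Get-PreBootAuthState | Format-List
}
```

Run it from an elevated session on a pilot machine first: the protector swap happens with only the recovery password as a fallback for a moment, so a reboot in that window requires the recovery key. A PIN only raises the bar for an attacker holding the device; it does not address GreenPlasma, and the report gives no indication that it closes the recovery-environment issue the researcher hinted at.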
Key Entities
- Chaotic Eclipse (apt_group)
- Nightmare Eclipse (apt_group)
- Zero-day Exploit (attack_type)
- Microsoft (company)
- CVE-2026-32201 (cve)
- CWE-269 - Improper Privilege Management (cwe)
- T1003 - OS Credential Dumping (mitre_attack)
- T1055 - Process Injection (mitre_attack)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- T1112 - Modify Registry (mitre_attack)
- T1547 - Boot Or Logon Autostart Execution (mitre_attack)
- BitLocker (platform)
- Windows (platform)
- Windows Defender (platform)
- BlueHammer (vulnerability)
- GreenPlasma (vulnerability)
- RedSun (vulnerability)
- UnDefend (vulnerability)
- YellowKey (vulnerability)