Theregister
New Windows Zero-Day Vulnerabilities: YellowKey and GreenPlasma Exploits Released
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Security researcher Nightmare-Eclipse has disclosed two critical zero-day vulnerabilities affecting Windows 11 and Windows Server 2022/2025. The first, YellowKey, allows attackers to bypass BitLocker encryption, granting unrestricted access to protected drives by exploiting the Windows Recovery Environment. The second, GreenPlasma, is a privilege escalation flaw that enables local users to gain SYSTEM privileges by manipulating the CTFMON process. Both vulnerabilities were released shortly after Microsoft's Patch Tuesday updates, raising concerns about their potential exploitation in the wild. The researcher claims that YellowKey functions like a backdoor, as it relies on a component found only in the recovery environment. The vulnerabilities affect systems that utilize BitLocker for encryption, particularly in enterprise settings. Currently, there are no official patches or mitigations from Microsoft for these vulnerabilities.
Key Points: • Nightmare-Eclipse disclosed two zero-day vulnerabilities: YellowKey and GreenPlasma. • YellowKey allows bypassing BitLocker encryption, providing unrestricted access to protected drives. • GreenPlasma enables local privilege escalation to SYSTEM privileges, posing significant risks.