New Windows Zero-Day Vulnerabilities: YellowKey and GreenPlasma Exploits Released

New Windows Zero-Day Vulnerabilities: YellowKey and GreenPlasma Exploits Released

First seen 13 May 2026, 16:44 UTC CybernewsTheregisterBleepingcomputerItnews.Aucvereports.com+29 86% similarity 69.9

Article Content

Browse articles
ThreatCluster

Security researcher Nightmare-Eclipse has disclosed two critical zero-day vulnerabilities affecting Windows 11 and Windows Server 2022/2025. The first, YellowKey, allows attackers to bypass BitLocker encryption, granting unrestricted access to protected drives by exploiting the Windows Recovery Environment. The second, GreenPlasma, is a privilege escalation flaw that enables local users to gain SYSTEM privileges by manipulating the CTFMON process. Both vulnerabilities were released shortly after Microsoft's Patch Tuesday updates, raising concerns about their potential exploitation in the wild. The researcher claims that YellowKey functions like a backdoor, as it relies on a component found only in the recovery environment. The vulnerabilities affect systems that utilize BitLocker for encryption, particularly in enterprise settings. Currently, there are no official patches or mitigations from Microsoft for these vulnerabilities.

Key Points: • Nightmare-Eclipse disclosed two zero-day vulnerabilities: YellowKey and GreenPlasma. • YellowKey allows bypassing BitLocker encryption, providing unrestricted access to protected drives. • GreenPlasma enables local privilege escalation to SYSTEM privileges, posing significant risks.

ThreatCluster AI

Timeline

2026-04-14
CVE-2026-33825 published
Microsoft disclosed the BlueHammer vulnerability, a local privilege escalation flaw in Defender.
cvereports.com
2026-04-14
CVE-2026-32201 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-04-22
CVE-2026-33825 added to CISA KEV
CVE-2026-33825 was recognized as actively exploited and added to the CISA Known Exploited Vulnerabilities catalog.
cvereports.com
2026-05-12
YellowKey and GreenPlasma disclosed
Nightmare-Eclipse released details on YellowKey and GreenPlasma, exploiting BitLocker and privilege escalation.
Neowin
2026-05-13
Proof-of-concept for YellowKey published
The researcher released a PoC for YellowKey, demonstrating its ability to bypass BitLocker encryption.
Bleepingcomputer

Community

Browse all →