A researcher known as Chaotic Eclipse (Nightmare Eclipse) has published PoC exploits for two unpatched Windows vulnerabilities: YellowKey, a BitLocker bypass affecting Windows 11 and Windows Server 2022/2025, and GreenPlasma, a privilege escalation flaw. YellowKey exploits NTFS transactions in the Windows Recovery Environment using specially crafted FsTx files on a USB drive or EFI partition to spawn a CMD shell with unrestricted access to BitLocker-protected volumes. It works against TPM-only BitLocker configurations but not TPM+PIN setups — though the researcher claims a TPM+PIN variant exists and has not been released. GreenPlasma targets CTFMON to create arbitrary memory-section objects, potentially enabling SYSTEM-level access. Both vulnerabilities remain unpatched. Independent researchers Kevin Beaumont and Will Dormann confirmed YellowKey's validity. The researcher, motivated by dissatisfaction with Microsoft's bug handling, has promised more disclosures on the next Patch Tuesday.
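Because the published YellowKey PoC is reported to work against TPM-only configurations, a practical first check is which operating-system volumes unlock with the TPM alone. The PowerShell below is an added example, not code from the researcher or Microsoft; it relies on the built-in `Get-BitLockerVolume` cmdlet (elevated session required), and the function name `Get-BitLockerBootAuthClass` and its class labels are hypothetical names chosen for illustration.

```powershell
# Added example: classify BitLocker OS volumes by pre-boot authentication.
# Run from an elevated PowerShell session with the BitLocker module available.

# Protector that unlocks with the TPM alone (no user-supplied secret at boot).
$TpmOnlyTypes = @('Tpm')
# Protectors that require a PIN and/or startup key in addition to the TPM.
$PreBootTypes = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')

function Get-BitLockerBootAuthClass {
    # Hypothetical helper: maps a volume's protector type names to one label.
    param([string[]]$ProtectorTypes)

    if (-not $ProtectorTypes) { return 'NoProtectors' }
    # Check the plain TPM protector first: it is the configuration the page
    # describes as affected by the released PoC.
    if ($ProtectorTypes | Where-Object { $_ -in $TpmOnlyTypes }) { return 'TpmOnly' }
    if ($ProtectorTypes | Where-Object { $_ -in $PreBootTypes }) { return 'TpmPlusPreBootAuth' }
    return 'Other'
}

# Restricting to OS volumes is an assumption of this example.
Get-BitLockerVolume |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' } |
    ForEach-Object {
        # Recovery passwords and similar protectors are listed but do not
        # change the boot-time classification.
        $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            ProtectionStatus = $_.ProtectionStatus
            Protectors       = $types -join ','
            BootAuthClass    = Get-BitLockerBootAuthClass -ProtectorTypes $types
        }
    } |
    Sort-Object BootAuthClass |
    Format-Table -AutoSize
```

A `TpmPlusPreBootAuth` result only reflects what the released PoC is reported to cover, since the researcher claims an unreleased TPM+PIN variant exists.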