Windows BitLocker Zero-Day: YellowKey and GreenPlasma
🔒 A researcher known as Chaotic Eclipse (Nightmare-Eclipse on GitHub) published proof-of-concept exploits named YellowKey and GreenPlasma that bypass BitLocker protections and enable local privilege escalation on affected Windows versions. YellowKey abuses the Windows Recovery Environment (WinRE) and NTFS transaction replay to spawn a shell and access encrypted volumes, while GreenPlasma allows arbitrary memory-section creation that can be escalated to SYSTEM. The author said the disclosures were driven by dissatisfaction with Microsoft's handling of reports. Microsoft says it investigates and supports coordinated disclosure.
