A researcher using the handle Chaotic Eclipse (Nightmare-Eclipse), who previously disclosed three vulnerabilities in Microsoft Defender, has published information on two new unpatched Windows zero-day vulnerabilities: YellowKey — a BitLocker encryption bypass via the Windows Recovery Environment (WinRE), and GreenPlasma — a privilege escalation via the Windows CTFMON component. Both vulnerabilities affect Windows 11 and Windows Server 2022/2025; public PoC materials are available for both, but Microsoft has not yet issued official guidance. Organizations using BitLocker without pre-boot PIN authentication should immediately reconsider their disk protection configuration.
YellowKey: BitLocker bypass via transactional NTFS
The YellowKey vulnerability is a BitLocker full-disk encryption bypass that is exploited exclusively through the Windows Recovery Environment (WinRE). According to the researcher, the attack proceeds as follows:
- Specially crafted files are placed in the FsTx directory (the transactional NTFS metadata store) on a USB drive or EFI partition
- The USB drive is connected to the target machine with BitLocker enabled
- The system is rebooted into WinRE
- Holding down the CTRL key invokes a command shell with access to the decrypted volume
The key technical aspect was confirmed by independent researcher Will Dormann, who reported successfully reproducing the vulnerability: NTFS transactional structures on the USB drive can delete the winpeshl.ini file on another volume (X:), which causes cmd.exe to launch instead of the standard recovery environment — at a point when the BitLocker volume is already decrypted. Dormann separately emphasized that the mere ability of the \System Volume Information\FsTx directory on one volume to modify the contents of another volume when replaying transactions is itself a standalone vulnerability.
According to the researcher, TPM+PIN protection does not prevent exploitation of YellowKey. However, this claim comes from a single source and has not yet been independently verified. Exploitation requires physical access to the device.
GreenPlasma: incomplete but promising privilege escalation
The second vulnerability, GreenPlasma, is related to arbitrary creation of memory section objects via the Windows Collaborative Translation Framework (CTFMON) component. In its current form, the published PoC is incomplete — it does not demonstrate obtaining a full shell with SYSTEM privileges. Nevertheless, the exploit allows an unprivileged user to create arbitrary memory section objects inside directory objects that are writable by SYSTEM-level processes. This potentially opens the door to manipulating privileged services or drivers that implicitly trust these paths.
Despite the incompleteness of the current PoC, the primitive of arbitrary section creation in privileged directories is a serious building block for a full privilege escalation. Bringing the exploit to a fully working state is a matter of time and attacker skill.
Context: escalating conflict with Microsoft
The publication of YellowKey and GreenPlasma came roughly a month after the same researcher disclosed three vulnerabilities in Microsoft Defender — BlueHammer, RedSun, and UnDefend. Of these, BlueHammer received the identifier CVE-2026-33825 and was patched by Microsoft. According to the researcher, RedSun was fixed “quietly,” without an advisory being published — although this claim has not been independently confirmed.
The researcher openly expresses dissatisfaction with the way MSRC handles vulnerabilities and has announced “a big surprise” for Microsoft timed to the June 2026 Patch Tuesday. A Microsoft representative previously stated the company’s commitment to coordinated vulnerability disclosure and its obligation to investigate all reported security issues.
Parallel research: BitLocker downgrade attack
In parallel with the disclosure of YellowKey, French company Intrinsec described a separate BitLocker attack chain based on downgrading the bootloader version. The method exploits a fundamental property of Secure Boot: only the signing certificate of the binary is checked, not its version. This allows loading an older vulnerable version of bootmgfw.efi signed with the trusted PCA 2011 certificate.
The essence of the attack is that a second WIM image with a modified blob table is added to the SDI (System Deployment Image) file. The bootloader verifies the integrity of the first (legitimate) WIM, but boots from the second one (controlled by the attacker), which contains a malicious WinRE image with cmd.exe. According to Intrinsec, the attack can be executed in under five minutes on fully updated Windows 11 systems and requires physical access.
According to Microsoft’s documentation, the company plans to revoke the obsolete PCA 2011 certificates in the near future. Until revocation occurs, the old vulnerable bootloader signed with this certificate can be loaded without triggering Secure Boot protections.
Impact assessment
Organizations at highest risk from YellowKey are those relying on BitLocker in TPM-only mode without pre-boot authentication — a typical configuration for corporate laptops. Physical access to the device (theft, seizure, insider access), combined with a USB drive, potentially allows access to decrypted data. For GreenPlasma, the immediate risk is lower due to the incomplete PoC, but the attack primitive itself can be further developed.
Practical recommendations
- Enable BitLocker pre-boot PIN authentication — this is recommended by Microsoft itself and is the most effective measure against both classes of BitLocker attacks
- Migrate your bootloader trust chain to the CA 2023 certificate and revoke the legacy PCA 2011 certificate in accordance with Microsoft’s bootloader revocation guidance
- Restrict booting from USB via UEFI/BIOS policies on corporate devices
- Control physical access to critical systems — both BitLocker attacks require direct physical access to the device
- Monitor the June 2026 Patch Tuesday — given the researcher’s announced new disclosures, the updates may contain critical fixes
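An audit script for the PIN and certificate recommendations above, added here as an example (it is not code from the article, the researcher, Intrinsec or Microsoft). It assumes an elevated PowerShell session on Windows 11 / Server 2022+ with the BitLocker and SecureBoot modules present; the FVE registry value names are the standard Group Policy storage for "Require additional authentication at startup".

```powershell
# Added audit script, not from the article: checks whether each BitLocker
# volume requires a pre-boot PIN and whether Secure Boot already trusts the
# Windows UEFI CA 2023 and revokes the Windows Production PCA 2011 signer.
# Requires an elevated session; Get-SecureBootUEFI fails on legacy-BIOS boxes.
function Get-BitLockerPinStatus {
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            # Only TpmPin / TpmPinStartupKey force authentication before the OS
            # (or WinRE) can unlock the volume; plain Tpm is the exposed mode.
            PreBootPin       = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        }
    }
}

function Get-FvePinPolicy {
    # Group Policy "Require additional authentication at startup" writes here.
    # UseTPMPIN: 0 = do not allow, 1 = require, 2 = allow; absent = policy not set.
    $p = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UseAdvancedStartup  = $p.UseAdvancedStartup
        UseTPMPIN           = $p.UseTPMPIN
        PinRequiredByPolicy = ($p.UseTPMPIN -eq 1)
    }
}

function Get-SecureBootCaStatus {
    # db = trusted signers, dbx = revoked signers. Searching the raw variable
    # for the certificate subject names is the check Microsoft uses in KB5025885.
    try {
        $db  = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
        $dbx = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
        [pscustomobject]@{
            Ca2023Trusted  = [bool]($db  -match 'Windows UEFI CA 2023')
            Pca2011Revoked = [bool]($dbx -match 'Microsoft Windows Production PCA 2011')
        }
    } catch {
        Write-Warning "Secure Boot variables not readable: $($_.Exception.Message)"
    }
}

$pin = Get-BitLockerPinStatus
$pin | Format-Table -AutoSize
$pin | Where-Object { $_.ProtectionStatus -eq 'On' -and -not $_.PreBootPin } |
    ForEach-Object { Write-Warning "$($_.MountPoint) is encrypted but has no pre-boot PIN protector" }
Get-FvePinPolicy | Format-List
Get-SecureBootCaStatus | Format-List
```

A volume reported with `ProtectionStatus` On and `PreBootPin` False is in the TPM-only mode the article describes as exposed; `Pca2011Revoked` False with `Ca2023Trusted` True means the new CA is trusted but the downgrade path via the old signer is still open.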
The combination of YellowKey, GreenPlasma, and Intrinsec’s independent research highlights a systemic issue: the BitLocker protection model in TPM-only configurations without a pre-boot PIN is vulnerable to multiple independent attack vectors when physical access is available. The top priority for administrators is to enable a BitLocker PIN and migrate to the CA 2023 certificate before PCA 2011 is revoked, which is scheduled for the coming month.