{"id":237094,"date":"2026-05-14T02:25:23","date_gmt":"2026-05-14T07:25:23","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/05\/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released"},"modified":"2026-05-14T02:25:23","modified_gmt":"2026-05-14T07:25:23","slug":"windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/05\/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released","title":{"rendered":"Windows BitLocker zero-day gives access to protected drives, PoC released"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released.jpg\"><\/a><\/p>\n<p>A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw.<\/p>\n<p>Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows.<\/p>\n<p>The latest exploits follow the researcher\u2019s previous disclosure of the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">BlueHammer<\/a> (CVE-2026\u201333825) and <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">RedSun<\/a> (no identifier) local privilege escalation (LPE) as zero-day flaws, both of which began to be <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/recently-leaked-windows-zero-days-now-exploited-in-attacks\/\" rel=\"nofollow noopener noreferrer\" target=\"_blank\">exploited in the wild<\/a> shortly after being publicly disclosed.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. Known as Chaotic Eclipse or Nightmare Eclipse, the researcher describes the BitLocker bypass issue as functioning like a backdoor because the vulnerable component is present only in the [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-237094","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=237094"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/237094\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=237094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=237094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=237094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}