• This worrying Microsoft BitLocker backdoor can grant full access

    From TechnologyDaily@1337:1/100 to All on Thursday, May 14, 2026 17:45:25
    This worrying Microsoft BitLocker backdoor can grant full access to a locked drive and all you need is a USB stick

    Date:
    Thu, 14 May 2026 16:35:00 +0000

    Description:
    Chaotic Eclipse is wreaking havoc across the Windows landscape, leaking two more flaws

    FULL STORY ======================================================================
    - Chaotic Eclipse leaks two new Windows flaws: YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation)
    - YellowKey abuses WinRE to bypass BitLocker; verified by Kevin Beaumont, though mitigations are debated
    - GreenPlasma exploits CTFMON services for SYSTEM access; follows earlier leaks RedSun, UnDefend, and BlueHammer (later patched as CVE-2026-33825)

    Chaotic Eclipse, the security researcher who recently leaked three unpatched Windows vulnerabilities because they weren't happy with how Microsoft handles bug reports, has now leaked two more flaws, together with proof-of-concepts (PoC) showing how they could be exploited.

    In their latest release, Chaotic Eclipse disclosed flaws named YellowKey and GreenPlasma. The former is a BitLocker bypass, while the latter is a privilege escalation vulnerability.

    YellowKey targets the Windows Recovery Environment (WinRE) and the BitLocker encryption system. The flaw reportedly lets someone with physical access to a Windows 11 device bypass BitLocker protections and access encrypted files without the user's password, with Chaotic Eclipse stressing it abuses recovery-mode components that still have access to decrypted drives during boot and repair operations.

    RedSun, UnDefend, and BlueHammer

    GreenPlasma, on the other hand, targets the Windows CTFMON input and text services component. Being a local privilege-escalation vulnerability, it allows threat actors with low privileges (or a piece of malware) to gain SYSTEM-level access, granting full control.

    Chaotic Eclipse first started leaking these flaws in early April this year. Apparently, they were unhappy with how Microsoft handles bug reports, so they just decided to leak vulnerabilities applicable to Windows 11 with the latest updates. So far, they've leaked three vulnerabilities, called RedSun, UnDefend, and BlueHammer.

    The latter is a Windows privilege escalation issue that Microsoft later patched as CVE-2026-33825.

    Microsoft is still giving boilerplate statements, saying it is committed to investigating reported security issues:

    "We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community," a Microsoft spokesperson said.

    BleepingComputer noted that independent security researcher Kevin Beaumont verified the bug works, and recommended using a BitLocker PIN and a BIOS password as mitigation. Chaotic Eclipse responded saying this doesn't really mitigate the threat.




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-worrying-microsoft-bitlocker-backdoor-can-grant-full-access-to-a-locked-drive-and-all-you-need-is-a-usb-stick


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)