- Chaotic Eclipse leaks two new Windows flaws: YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation)
- YellowKey abuses WinRE to bypass BitLocker; verified by Kevin Beaumont, though mitigations are debated
- GreenPlasma exploits CTFMON services for SYSTEM access; follows earlier leaks RedSun, UnDefend, and BlueHammer (later patched as CVE‑2026‑33825)
Chaotic Eclipse, the security researcher who recently leaked three unpatched Windows vulnerabilities because they weren’t happy with how Microsoft handles bug reports, has now leaked two more flaws, together with proof-of-concepts (PoC) showing how they could be exploited.
In their latest release, Chaotic Eclipse disclosed flaws named YellowKey and GreenPlasma. The former is a BitLocker bypass, while the latter is a privilege escalation vulnerability.
YellowKey targets the Windows Recovery Environment (WinRE) and the BitLocker encryption system. The flaw reportedly lets someone with physical access to a Windows 11 device bypass BitLocker protections and access encrypted files without the user’s password, with Chaotic Eclipse stressing it abuses recovery-mode components that still have access to decrypted drives during boot and repair operations.
Redsun, UnDefend, and BlueHammer
GreenPlasma, on the other hand, targets the Windows CTFMON input and text services component. Being a local privilege-escalation vulnerability, it allows threat actors with low privileges (or a piece of malware) to gain SYSTEM-level access, granting full control.
Chaotic Eclipse first started leaking these flaws in early April this year. Apparently, they were unhappy with how Microsoft handles bug reports, so they just decided to leak vulnerabilities applicable to Windows 11 with the latest updates. So far, they’ve leaked three vulnerabilities, called RedSun, UnDefend, and BlueHammer.
The latter is a Windows privilege escalation issue that Microsoft later patched as CVE-2026-33825.
Microsoft is still giving boilerplate statements, saying it is “committed to investigating reported security issues”:
“We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” a Microsoft spokesperson said.
BleepingComputer noted independent security researcher Kevin Beaumont verified the bug works, and recommended using BitLocker PIN and a BIOS password as mitigation. Chaotic Eclipse responded saying this doesn’t really mitigate the threat.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/vLoSnmu8jSgXsvCsvQ36XM-2560-80.jpg
Source link
