Security researchers have disclosed two new zero-day vulnerabilities affecting Microsoft Windows systems, one of which targets Microsoft BitLocker. The flaws, revealed in May 2026, could allow attackers to bypass BitLocker protections and gain elevated system access. The vulnerabilities are already drawing serious attention because BitLocker protects millions of Windows devices worldwide.
The vulnerabilities include a BitLocker encryption bypass named YellowKey and a privilege escalation flaw called GreenPlasma. The researcher who released details highlighted the intentional placement of backdoors to actively credit internal Microsoft threat groups.
YellowKey BitLocker Bypass
The most concerning vulnerability is a BitLocker bypass exploit called YellowKey. The exploit allows attackers to access encrypted Windows drives using specially prepared files stored on a USB stick. The process reportedly works by triggering the Windows Recovery Environment and opening an elevated command prompt without requiring the BitLocker recovery key.
Researchers said the exploit appears to affect Windows Server 2022 and Windows Server 2025 systems. Windows 10 systems reportedly remain unaffected by the currently disclosed method. Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released proof-of-concept details after claiming earlier vulnerability disclosures to Microsoft were ignored.
GreenPlasma Privilege Escalation
The second vulnerability, called GreenPlasma, reportedly enables local privilege escalation. The exploit abuses the Windows CTFMON process and shared memory handling. Attackers could potentially gain SYSTEM-level privileges, giving them near-complete control over affected machines.
Cybersecurity experts warn that this type of exploit is especially dangerous in enterprise environments. A compromised low-level account could potentially escalate access across servers and internal systems.
Why Are These Vulnerabilities Critical?
BitLocker is widely used by businesses, government agencies, and consumers to secure sensitive data on Windows devices. Windows 11 also enables BitLocker by default on many supported systems. That makes any bypass vulnerability particularly serious.
The disclosures also revive broader concerns around zero-day vulnerabilities. A zero-day flaw is especially dangerous because attackers can exploit it before official patches are available.
How Did Microsoft React Following the Revelation of the 0-Day Vulnerabilities?
Microsoft has not publicly released a full response or patch for YellowKey or GreenPlasma as of now. However, related vulnerabilities may eventually be addressed through future Patch Tuesday updates.
Until official fixes arrive, taking precautions to secure devices is worthwhile. Security experts recommend limiting physical device access, enabling multi-factor authentication, monitoring privileged accounts, and installing Windows security updates immediately when available. Organizations are also advised to review recovery environment protections and endpoint monitoring policies while waiting for official fixes.
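As a starting point for the recovery environment review recommended above, the following read-only PowerShell inventory records, per host, whether the OS is one of the server versions named in this article, whether the Windows Recovery Environment is enabled, and which key protectors each BitLocker volume uses. It is an added example, not code from the researcher or from Microsoft, and it assumes an elevated session, English-language reagentc output, and that the BitLocker PowerShell module is installed.

```powershell
# Added example: read-only inventory for review. It changes no settings.
# Assumptions: elevated session, English reagentc output, BitLocker module present.
#Requires -RunAsAdministrator

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Server versions the article names: build 20348 = Windows Server 2022,
# build 26100 = Windows Server 2025. ProductType 1 is a workstation; 2 and 3 are servers.
$namedBuilds = @{ '20348' = 'Windows Server 2022'; '26100' = 'Windows Server 2025' }
$namedInArticle = ($os.ProductType -ne 1) -and $namedBuilds.ContainsKey([string]$os.BuildNumber)

# reagentc.exe /info reports the Windows Recovery Environment state,
# e.g. "Windows RE status: Enabled".
$reInfo = & reagentc.exe /info 2>&1 | Out-String
$winReStatus = if ($reInfo -match 'Windows RE status:\s*(\w+)') { $Matches[1] } else { 'Unknown' }

# Get-BitLockerVolume ships with the BitLocker feature; on servers it may not be installed.
if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
    Write-Warning 'BitLocker PowerShell module not found; reporting OS and WinRE state only.'
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $os.BuildNumber
        NamedInArticle = $namedInArticle
        WinRE          = $winReStatus
    }
    return
}

# One row per volume so the output can be exported and compared across hosts.
Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OS               = $os.Caption
        Build            = $os.BuildNumber
        NamedInArticle   = $namedInArticle
        WinRE            = $winReStatus
        MountPoint       = $_.MountPoint
        VolumeStatus     = $_.VolumeStatus
        ProtectionStatus = $_.ProtectionStatus
        # Member enumeration yields every protector type on the volume (for example Tpm, RecoveryPassword).
        KeyProtectors    = ($_.KeyProtector.KeyProtectorType -join ', ')
    }
} | Format-Table -AutoSize
```

Replacing `Format-Table -AutoSize` with `Export-Csv` produces a per-host record that can be collected centrally and re-checked once an official fix is released.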
SecureITWorld covers every major finding and advancement in the security space. Follow our news updates and never miss any updates.




