Microsoft BitLocker – YellowKey zero-day exploit

Also, it's a twofer with the Green Plasma zero-day local privilege escalation.

When you purchase through links on our site, we may earn an affiliate commission. Here s how it works.

(Image credit: Getty Images) Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Email Share this article 30 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter There's nothing more dangerous than a bored engineer with a screwdriver, and hell hath no fury like a security researcher scorned. Last month, Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) published two zero-day exploits, BlueHammer and RedSun, that made Windows Defender offer up system administrator privileges. They did this after their disclosure reports were allegedly dismissed by Microsoft's security team, resulting in a vendetta of sorts. Eclipse has now done it again, posting two new zero-day exploits, the first one an extremely serious BitLocker exploit named Yellow Key that grants full access to a locked drive. The second one, GreenPlasma, doesn't have a complete proof-of-concept (PoC), but it allegedly performs a local privilege escalation and gains system-level access. Given Eclipse's track record, it's a fair bet that it works as advertised.