A security researcher known as Chaotic Eclipse has disclosed two new zero-day exploits targeting Microsoft Windows. The first, dubbed "YellowKey," allows unauthorized access to BitLocker-encrypted drives by simply copying specific files to a USB stick and rebooting into the Windows Recovery Environment. This exploit bypasses the need for encryption keys and reportedly works even with TPM and PIN protections, raising significant security concerns for millions of users worldwide. The second exploit, "GreenPlasma," allegedly provides local privilege escalation to gain system-level access by manipulating system processes. AI
IMPACT Security vulnerabilities in BitLocker and Windows could impact the integrity of data used in AI systems and operations.
RANK_REASON Disclosure of security vulnerabilities in widely used software.
- BitLocker
- Chaotic Eclipse
- GreenPlasma
- Microsoft
- Windows
- TPM
- Windows Recovery Environment
- Windows Server 2022
- Windows Server 2025
- YellowKey
- Tom's Hardware
AI-generated summary · Google Gemini · from 2 sources. How we write summaries →
