Windows BitLocker zero-day gives access to protected drives, PoC released

BleepingComputer technology

Key Points:

  • Cybersecurity researcher Chaotic Eclipse has released proof-of-concept exploits for two unpatched Windows vulnerabilities: YellowKey, a BitLocker bypass, and GreenPlasma, a privilege escalation flaw, criticizing Microsoft’s handling of bug reports.
  • The YellowKey exploit targets Windows Recovery Environment (WinRE) by using crafted files to gain unrestricted access to BitLocker-protected volumes on TPM-only systems, effectively acting like a backdoor; it does not require credentials but does not work with TPM+PIN configurations.
  • Independent experts confirmed the validity of YellowKey, recommending mitigations like using a BitLocker PIN and BIOS password, while noting the exploit leverages NTFS transactions and Windows Recovery’s auto-unlock feature.
  • GreenPlasma allows unprivileged users to create arbitrary memory-section objects in SYSTEM-writable directories, potentially enabling privilege escalation to SYSTEM level, though the released proof-of-concept is incomplete.
  • The researcher plans to continue leaking Windows exploits, hinting at a “big surprise” for the next Patch Tuesday, while Microsoft reaffirmed its commitment to investigating and patching vulnerabilities through coordinated disclosure practices.
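
The key points above distinguish TPM-only BitLocker configurations from TPM+PIN ones. The following PowerShell audit is an added example, not code from the article or the researcher; it uses the built-in BitLocker module's `Get-BitLockerVolume` to show which volumes on a machine unlock with the TPM alone. The function name and the `Finding` labels are hypothetical.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules BitLocker
# Added example (not from the article): classify each BitLocker volume by
# its TPM-based key protector so TPM-only volumes can be found and reviewed.

function Get-BitLockerPreBootAudit {
    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values include Tpm, TpmPin, TpmPinStartupKey,
        # TpmStartupKey, RecoveryPassword, ExternalKey and Password.
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        # Finding labels are this example's own, not BitLocker terminology.
        $finding = if ($vol.ProtectionStatus -ne 'On') {
            'ProtectionOff'       # volume is unencrypted or protection is suspended
        } elseif ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
            'TpmWithPin'          # pre-boot PIN required before the TPM releases the key
        } elseif ($types -contains 'Tpm') {
            'TpmOnly'             # the configuration the article says YellowKey targets
        } else {
            'NoTpmProtector'      # e.g. data volumes using auto-unlock or a password
        }

        [pscustomobject]@{
            MountPoint    = $vol.MountPoint
            VolumeType    = $vol.VolumeType
            Protection    = $vol.ProtectionStatus
            KeyProtectors = $types -join ', '
            Finding       = $finding
        }
    }
}

$audit = Get-BitLockerPreBootAudit
$audit | Format-Table -AutoSize

# Surface TPM-only volumes so they can be moved to TPM+PIN.
$tpmOnly = @($audit | Where-Object Finding -eq 'TpmOnly')
if ($tpmOnly.Count -gt 0) {
    Write-Warning ("{0} volume(s) unlock with the TPM alone: {1}" -f `
        $tpmOnly.Count, ($tpmOnly.MountPoint -join ', '))
}
```

Volumes reported as `TpmOnly` can be given a PIN with `Add-BitLockerKeyProtector -TpmAndPinProtector`, provided the "Require additional authentication at startup" policy permits a startup PIN.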
