Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse

TL;DR Summary
Microsoft released June 2026 Patch Tuesday fixes for three Windows zero-days—GreenPlasma and MiniPlasma privilege-escalation flaws in the Collaborative Translation Framework and Cloud Files Mini Filter Driver, and YellowKey in WinRE—that could allow attackers to gain SYSTEM-level access or bypass BitLocker on patched Windows 11 and Windows Server 2022/2025 systems. The flaws were disclosed by Nightmare Eclipse in protest of MSRC handling, continuing a series of leaks and PoCs (BlueHammer, RedSun, UnDefend, RoguePlanet). Microsoft provided mitigations and warned about PoC disclosures, while saying it would coordinate with law enforcement if needed.
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days BleepingComputer
- Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days Malwarebytes
- Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review Qualys
- Blame AI: Patch Tuesday Hits Record 206 CVEs Dark Reading
- Microsoft Patches 200 Vulnerabilities SecurityWeek
Reading Insights
Total Reads
0
Unique Readers
20
Time Saved
3 min
vs 4 min read
Condensed
86%
621 → 90 words
Want the full story? Read the original article
Read on BleepingComputer