Tag

Bitlocker

All articles tagged with #bitlocker

June 2026 Patch Tuesday Breaks Windows 11: Freezes, BitLocker Recovery, and OneDrive Glitches
technology26 days ago

June 2026 Patch Tuesday Breaks Windows 11: Freezes, BitLocker Recovery, and OneDrive Glitches

Microsoft’s June 2026 Patch Tuesday update KB5094126 for Windows 11 (versions 24H2 and 25H2) has triggered widespread issues, including rapid system freezes requiring WinRE or OS reinstall, forced BitLocker recovery on reboot, and broken OneDrive Explorer integration on domain PCs. Some devices also face LAN outages while staying online, with HP machines reporting BSOD tied to ESP space. Workarounds include registry tweaks to bypass ESP failures and rolling back via WinRE, though Microsoft has not publicly acknowledged these problems in the KB. The update does deliver security fixes plus features like Bluetooth LE Audio and Windows Hello improvements, but reliability has been adversely affected for many users.

GreatXML Bypass Unlocks BitLocker via WinRE XML Files
security29 days ago

GreatXML Bypass Unlocks BitLocker via WinRE XML Files

Security researcher Chaotic Eclipse unveiled GreatXML, a new Windows BitLocker bypass that places crafted unattend.xml and Recovery/WindowsRE/ReAgent.xml on the recovery partition and, after rebooting into WinRE, spawns a shell with unrestricted access to the BitLocker volume. It builds on a recent Defender-related exploit and is the second BitLocker bypass from the researcher, with Microsoft having patched a prior bypass (YellowKey CVE-2026-45585) this Patch Tuesday.

Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse
security1 month ago

Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse

Microsoft released June 2026 Patch Tuesday fixes for three Windows zero-days—GreenPlasma and MiniPlasma privilege-escalation flaws in the Collaborative Translation Framework and Cloud Files Mini Filter Driver, and YellowKey in WinRE—that could allow attackers to gain SYSTEM-level access or bypass BitLocker on patched Windows 11 and Windows Server 2022/2025 systems. The flaws were disclosed by Nightmare Eclipse in protest of MSRC handling, continuing a series of leaks and PoCs (BlueHammer, RedSun, UnDefend, RoguePlanet). Microsoft provided mitigations and warned about PoC disclosures, while saying it would coordinate with law enforcement if needed.

BitLocker’s Physical‑Access Flaw Triggers June Patch Rush (CVE-2026-50507)
technology1 month ago

BitLocker’s Physical‑Access Flaw Triggers June Patch Rush (CVE-2026-50507)

Microsoft disclosed a BitLocker vulnerability (CVE-2026-50507) that lets an attacker with physical access bypass BitLocker Device Encryption and read data on the drive. The flaw, mapped to CWE-306, affects a broad range of Windows clients and servers from Windows 10/11 to Windows Server 2012 R2–2025, with a CVSS v3.1 base score of 6.8. Patches were released on June 9, 2026 as part of the June Patch Tuesday updates (KB5094041, KB5094122, KB5094123, KB5094126, KB5094127, KB5094128, KB5095051). Exploitation requires physical access, low complexity, no privileges, and no user interaction, and proof‑of‑concept code exists. Guidance: deploy the June 2026 updates promptly, verify BitLocker health, enforce TPM+PIN where possible, and strengthen physical security and incident response for unpatched or remote devices until patches are fully rolled out.

Microsoft Unveils Mitigations for Windows YellowKey Zero-Day
security1 month ago

Microsoft Unveils Mitigations for Windows YellowKey Zero-Day

Microsoft released mitigations for the YellowKey Windows BitLocker zero-day (CVE-2026-45585) after a PoC disclosure by Nightmare Eclipse, detailing steps to prevent exploitation—removing the autofstx.exe entry from the Session Manager BootExecute to stop FsTx replay, reestablishing BitLocker trust for WinRE, and enforcing TPM+PIN startup or a startup PIN with TPM on devices (via PowerShell, Intune, or Group Policy)—to block attacks until a patch is available.

YellowKey sparks backdoor debate as BitLocker bypass claim surfaces
technology1 month ago

YellowKey sparks backdoor debate as BitLocker bypass claim surfaces

A security researcher known as Nightmare-Eclipse released YellowKey, a vulnerability they say can bypass BitLocker full-disk encryption, reportedly enabling unrestricted access to protected volumes after copying an FsTx folder to a USB drive or the EFI partition and rebooting into Windows Recovery Environment. The researcher alleges this points to an intentional backdoor in a WinRE component present in Windows 11 and some Server 2022/2025 images (Windows 10 allegedly unaffected), and also introduced a second exploit, GreenPlasma, for privilege escalation. Some third-party researchers reportedly corroborate aspects of YellowKey in public GitHub materials, though full PoC details were not published and Microsoft has not publicly commented. Mitigation suggestions include not relying on a single encryption system and considering alternatives like VeraCrypt. Further details are expected around Patch Tuesday.

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security1 month ago

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

Microsoft patches BitLocker recovery glitch on Windows 11 25H2 after April 2026 updates
technology1 month ago

Microsoft patches BitLocker recovery glitch on Windows 11 25H2 after April 2026 updates

Microsoft has fixed the BitLocker recovery prompt issue that appeared after the April 2026 security update for Windows 11 25H2 with KB5089549, while Windows 10 and Windows Server still await a permanent fix. Administrators should remove the unrecommended TPM validation Group Policy and ensure BitLocker uses PCR7 bindings until broader patches are released.

Zero-Day Bypass Lets Attackers Crack Windows 11 BitLocker TPM in Seconds
technology1 month ago

Zero-Day Bypass Lets Attackers Crack Windows 11 BitLocker TPM in Seconds

A zero-day named YellowKey bypasses Windows 11’s default TPM-only BitLocker protection by exploiting a crafted FsTx/Transactional NTFS folder on a USB drive, enabling a CMD prompt and full drive access during Windows Recovery without needing the BitLocker key. Microsoft is investigating. The flaw highlights that TPM-only BitLocker may be insufficient security, with experts recommending BIOS passwords and PINs in addition to TPM protections.

New Windows Zero-Days Target WinRE BitLocker Bypass and SYSTEM Privilege Escalation
security1 month ago

New Windows Zero-Days Target WinRE BitLocker Bypass and SYSTEM Privilege Escalation

Researchers Chaotic Eclipse and Nightmare-Eclipse disclosed two Windows zero-days: YellowKey, a BitLocker bypass in Windows Recovery Environment via specially crafted FsTx files on USB or the EFI partition, and GreenPlasma, a privilege-escalation flaw tied to Windows CTFMON that could let an unprivileged user create arbitrary memory sections and potentially control privileged services. A separate BitLocker downgrade chain described by Intrinsec (CVE-2025-48804) could defeat encryption on fully patched systems with physical access by boot-image tampering. Mitigations include enabling BitLocker startup PIN, migrating the boot manager to CA 2023 certificates, and revoking PCA 2011 certificates as older certificates are retired; Microsoft notes coordinated vulnerability disclosure and upcoming Patch Tuesday updates in June 2026.

security1 month ago

Rogue researcher unleashes BitLocker bypass and SYSTEM-level Windows zero-days after Patch Tuesday

After Patch Tuesday, a rogue researcher released a third wave of Windows zero-days, including a BitLocker bypass dubbed 'Yellow key' and a privilege-escalation called 'GreenPlasma' that could grant SYSTEM-level access; the flaws affect Windows 11, Windows Server 2022, and Windows Server 2025, with Windows 10 reportedly unaffected. The exploits are publicly available on GitHub, and the researcher frames the disclosures as a backdoor-style challenge and warns of additional releases.

Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation
technology1 month ago

Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation

Cybersecurity researcher Chaotic Eclipse has released PoCs for two Windows zero-days, YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation), linked to the Chaotic Eclipse/Nightmare Eclipse set. YellowKey exploits WinRE via specially crafted FsTx files to bypass BitLocker on Windows 11 and Server 2022/2025, potentially affecting TPM-only configurations; GreenPlasma could enable a SYSTEM-level shell, though its PoC is incomplete. The disclosures follow earlier flaws (BlueHammer, RedSun) and ongoing leaks, with Microsoft saying it is investigating and supporting coordinated disclosure as Patch Tuesday nears.

Windows 11 April 2026 patch may trigger BitLocker recovery at boot, with fixes available
technology2 months ago

Windows 11 April 2026 patch may trigger BitLocker recovery at boot, with fixes available

Microsoft’s April 2026 Windows 11 security update KB5083769 can cause a BitLocker recovery prompt on first restart for a small subset of devices with a specific TPM/PCR7/Secure Boot configuration. It is not widespread. If you hit it, enter the BitLocker recovery key to boot, then undo the “unrecommended” TPM validation by setting the policy Configure TPM platform validation profile for native UEFI firmware configurations to Not Configured and running gpupdate /force; you can also temporarily disable and re-enable BitLocker on the OS drive to rebind to the default PCR profile. Enterprises can use Known Issue Rollback if needed. Future restarts should proceed normally after the recovery.

Microsoft rolls out emergency fixes to stabilize Windows Server after April patches
technology2 months ago

Microsoft rolls out emergency fixes to stabilize Windows Server after April patches

Microsoft released emergency out-of-band updates to fix issues caused by April 2026 Windows Server patches, including installation failures on Windows Server 2025 (KB5091157) and LSASS-related domain controller restart loops across multiple server versions; additional KBs cover Windows Server 2025 23H2, 2022, 2019, 2016 and Azure Edition hotpatches. Some Server 2025 devices may boot to BitLocker recovery after KB5082063. Other emergency fixes in recent months addressed Bluetooth visibility, RRAS, and sign-in issues.

Windows 11 February preview adds Sysmon, network speed test, and BitLocker improvements
technology4 months ago

Windows 11 February preview adds Sysmon, network speed test, and BitLocker improvements

Microsoft released the Windows 11 KB5077241 optional preview with 29 changes: improved BitLocker reliability; built-in network speed test for Ethernet, Wi‑Fi, and cellular; native Sysmon support (off by default) and auto Quick Machine Recovery on eligible Pro devices; plus UI and reliability tweaks (faster wake from sleep, smarter taskbar overflow, WebP desktop backgrounds, and RSAT on Arm64). It’s a non-security preview that can be installed via Settings > Windows Update or the Microsoft Update Catalog.