
Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse
Microsoft released June 2026 Patch Tuesday fixes for three Windows zero-days—GreenPlasma and MiniPlasma privilege-escalation flaws in the Collaborative Translation Framework and Cloud Files Mini Filter Driver, and YellowKey in WinRE—that could allow attackers to gain SYSTEM-level access or bypass BitLocker on patched Windows 11 and Windows Server 2022/2025 systems. The flaws were disclosed by Nightmare Eclipse in protest of MSRC handling, continuing a series of leaks and PoCs (BlueHammer, RedSun, UnDefend, RoguePlanet). Microsoft provided mitigations and warned about PoC disclosures, while saying it would coordinate with law enforcement if needed.



