tldrdailynews.com logo
Tag

Winre

All articles tagged with #winre

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows
cyber-security12 days ago

New BitLocker Zero-Days Bypass Encryption and Escalate Privileges on Windows

Two new unpatched Windows BitLocker zero-days—YellowKey (encryption bypass) and GreenPlasma (privilege escalation)—were disclosed after Patch Tuesday, leaving Windows 11 and Windows Server 2022/2025 exposed. YellowKey exploits the Windows Recovery Environment to bypass full-disk encryption, granting attackers full access to the system drive with physical access; GreenPlasma could enable unauthorized commands via arbitrary memory-section creation, enabling persistence and potential kernel-level access. There is no official patch yet; mitigations include enabling a BitLocker PIN, enforcing robust BIOS passwords, guarding WinRE against tampering, and restricting physical access until Microsoft releases fixes. Windows 10 is not affected.

via CyberSecurityNews|
#bitlocker#cyber-security#note-only-five-allowed-using-five-tags-below
Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation
technology14 days ago

Chaotic Eclipse leaks PoCs for Windows BitLocker bypass and privilege escalation

Cybersecurity researcher Chaotic Eclipse has released PoCs for two Windows zero-days, YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation), linked to the Chaotic Eclipse/Nightmare Eclipse set. YellowKey exploits WinRE via specially crafted FsTx files to bypass BitLocker on Windows 11 and Server 2022/2025, potentially affecting TPM-only configurations; GreenPlasma could enable a SYSTEM-level shell, though its PoC is incomplete. The disclosures follow earlier flaws (BlueHammer, RedSun) and ongoing leaks, with Microsoft saying it is investigating and supporting coordinated disclosure as Patch Tuesday nears.

via BleepingComputer|
#bitlocker#chaotic-eclipse#technology
Microsoft's October 2025 Windows 11 Update Causes Critical Recovery and Localhost Failures
technology7 months ago

Microsoft's October 2025 Windows 11 Update Causes Critical Recovery and Localhost Failures

Microsoft has confirmed that the October 2025 update for Windows 11 (KB5066835) causes a bug that disables mouse and keyboard functionality in the Windows Recovery Environment (WinRE), making it unusable. The issue affects navigation within WinRE, although USB devices still work within the main OS. Microsoft is investigating and plans to release an out-of-band update to fix the problem. As a temporary workaround, users can revert to an older version of the WinRE image or uninstall the problematic update.

via Windows Latest|
#microsoft#recovery-environment#technology
"Microsoft addresses BitLocker vulnerabilities with PowerShell scripts"
cybersecurity3 years ago

"Microsoft addresses BitLocker vulnerabilities with PowerShell scripts"

Microsoft has released PowerShell scripts to fix a BitLocker security bypass vulnerability in the Windows Recovery Environment (WinRE) for Windows 10 and 11 systems. The vulnerability could allow access to encrypted data in storage devices. The scripts enable enterprises to automatically update WinRE images to protect Windows devices. The flaw can only be exploited on systems with the winre.wim on the recovery partition.

via The Register|
#bitlocker#cybersecurity#microsoft