TL;DR
An anonymous hacker known as Nightmare-Eclipse has released details of two new Windows zero-day vulnerabilities, YellowKey and GreenPlasma, shortly after Microsoft’s Patch Tuesday. This ongoing leak campaign raises serious security concerns, especially for organizations relying on BitLocker.
An anonymous security researcher known as Nightmare-Eclipse has released details of two new Windows zero-day vulnerabilities, YellowKey and GreenPlasma, shortly after Microsoft’s latest Patch Tuesday updates. These disclosures include a BitLocker bypass and a privilege escalation flaw, raising significant security concerns for organizations and individual users relying on Windows security features.
Nightmare-Eclipse, an anonymous hacker, has publicly disclosed two Windows zero-day vulnerabilities, YellowKey and GreenPlasma. YellowKey allows an attacker with physical access to bypass BitLocker encryption by loading malicious files onto a USB drive and executing a specific key sequence, granting unrestricted shell access to the machine. Experts warn that, although it requires physical access, the flaw significantly undermines the security of stolen devices, especially in enterprise environments.
GreenPlasma is a Windows privilege escalation flaw for which the researcher has released partial exploit code; in default configurations that code currently triggers a User Account Control (UAC) prompt. While not yet weaponized for silent exploitation, the vulnerability could be used post-compromise to escalate privileges, enabling attackers to access sensitive data and move laterally within networks. Microsoft has not yet issued patches for either flaw, and both are considered serious threats.
Why It Matters
The disclosures of YellowKey and GreenPlasma are significant because they expose critical security weaknesses in Windows systems, especially in enterprise environments. The YellowKey flaw potentially transforms stolen laptops into unencrypted access points, while GreenPlasma could be used by attackers to deepen system compromise. The ongoing release of zero-days by the same researcher indicates a retaliatory campaign against Microsoft, which could lead to widespread exploitation if patches are not issued promptly.
Background
Nightmare-Eclipse previously released proof-of-concept code for other Windows vulnerabilities earlier this year, including BlueHammer, RedSun, and UnDefend. These leaks followed an alleged breach of trust with Microsoft, with the researcher claiming they were motivated by personal grievances after a dispute. The researcher has indicated they possess more undisclosed vulnerabilities and has hinted at a ‘dead man’s switch’ for future disclosures, raising fears of further zero-day releases.
“If [the researcher’s claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification.”
— Rik Ferguson, VP of security intelligence at Forescout
“YellowKey remains a huge security problem for organizations using BitLocker, but it can be mitigated with a PIN and BIOS password.”
— Gavin Knapp, cyber threat intelligence lead at Bridewell
“The same post linking yesterday’s releases warns of another Patch Tuesday surprise and hints at future RCE disclosures. They claim to have a dead man’s switch with more ready to go.”
— Ferguson
What Remains Unclear
It remains unclear whether Microsoft is aware of all the vulnerabilities disclosed by Nightmare-Eclipse or if additional patches are imminent. The full technical details and exploitability of GreenPlasma are still being analyzed, and Microsoft has not yet issued official statements or patches for these flaws.
What’s Next
Microsoft is expected to review the disclosed vulnerabilities and may release security updates in upcoming Patch Tuesdays. Security professionals advise organizations to monitor official advisories and implement recommended mitigations, such as enabling PINs and BIOS locks for BitLocker-protected devices. Further disclosures from Nightmare-Eclipse are anticipated, potentially exposing more zero-days.
Key Questions
What are the main vulnerabilities disclosed by Nightmare-Eclipse?
The main vulnerabilities are YellowKey, a BitLocker bypass requiring physical access, and GreenPlasma, a privilege escalation flaw with partial exploit code released.
How serious are these vulnerabilities?
YellowKey poses a significant risk for stolen laptops, potentially allowing access to encrypted data. GreenPlasma could enable attackers to escalate privileges after initial access, making it a serious threat if exploited.
Has Microsoft responded to these disclosures?
Microsoft has not yet issued official patches or statements regarding these vulnerabilities. Security experts recommend applying mitigations and monitoring for updates.
Can these vulnerabilities be exploited remotely?
No, YellowKey requires physical access to the device. GreenPlasma’s exploit code is partial and currently requires user interaction, but it could be weaponized for remote attacks once fully developed.
What should organizations do now?
Organizations should implement strong PINs, BIOS passwords, and other security controls to mitigate risks. They should also stay alert for official patches and advisories from Microsoft.
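The mitigation the experts recommend above (a pre-boot PIN on BitLocker-protected devices) is something an administrator can audit and enforce from PowerShell. The script below is an added example written for this article, not code from Nightmare-Eclipse, Microsoft or the quoted researchers. It assumes the built-in BitLocker module (Get-BitLockerVolume, Add-BitLockerKeyProtector, Remove-BitLockerKeyProtector), the documented FVE policy registry values UseAdvancedStartup and UseTPMPIN, and an elevated session. A BIOS/UEFI password is vendor-specific and is not covered here; the function names Test-BitLockerPinPosture and Enable-BitLockerTpmPin are this example's own.

```powershell
# Added example: audit whether the OS volume is protected by TPM+PIN and,
# optionally, add that protector. Not part of the article. Run elevated.

function Test-BitLockerPinPosture {
    [CmdletBinding()]
    param()

    # Group Policy: "Require additional authentication at startup" (UseAdvancedStartup = 1)
    # and "Configure TPM startup PIN": 0 = not allowed, 1 = required, 2 = allowed.
    $policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $advancedStartup = [int]($policy.UseAdvancedStartup)
    $tpmPinSetting   = if ($null -eq $policy.UseTPMPIN) { 0 } else { [int]$policy.UseTPMPIN }

    $osVol = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | Select-Object -First 1
    if (-not $osVol) { throw 'No operating system volume reported by BitLocker.' }

    $types = @($osVol.KeyProtector | ForEach-Object KeyProtectorType | ForEach-Object { "$_" })

    [pscustomobject]@{
        MountPoint       = $osVol.MountPoint
        ProtectionStatus = "$($osVol.ProtectionStatus)"
        ProtectorTypes   = ($types -join ',')
        # TpmPin or TpmPinStartupKey both require a PIN before the OS boots.
        HasTpmPin        = [bool]($types | Where-Object { $_ -in @('TpmPin', 'TpmPinStartupKey') })
        # A TPM-only protector unlocks the disk with no user secret at all.
        TpmOnly          = ($types -contains 'Tpm') -and -not ($types | Where-Object { $_ -like 'TpmPin*' })
        HasRecoveryPass  = ($types -contains 'RecoveryPassword')
        PinAllowedByGpo  = ($advancedStartup -eq 1) -and ($tpmPinSetting -in @(1, 2))
        PinRequiredByGpo = ($advancedStartup -eq 1) -and ($tpmPinSetting -eq 1)
    }
}

function Enable-BitLockerTpmPin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [securestring]$Pin
    )

    $posture = Test-BitLockerPinPosture
    if ($posture.HasTpmPin) {
        Write-Verbose "TPM+PIN protector already present on $($posture.MountPoint)."
        return $posture
    }
    if (-not $posture.PinAllowedByGpo) {
        throw 'Group Policy does not permit a TPM startup PIN; enable "Require additional authentication at startup" first.'
    }

    # Never replace the TPM protector without a recovery password on the volume;
    # escrow it (e.g. to AD/Entra ID) before changing protectors.
    if (-not $posture.HasRecoveryPass -and $PSCmdlet.ShouldProcess($posture.MountPoint, 'Add recovery password protector')) {
        Add-BitLockerKeyProtector -MountPoint $posture.MountPoint -RecoveryPasswordProtector | Out-Null
    }

    # Only one TPM-based protector may exist, so remove the TPM-only one before adding TPM+PIN.
    $vol = Get-BitLockerVolume -MountPoint $posture.MountPoint
    foreach ($kp in ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        if ($PSCmdlet.ShouldProcess($posture.MountPoint, "Remove TPM-only protector $($kp.KeyProtectorId)")) {
            Remove-BitLockerKeyProtector -MountPoint $posture.MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess($posture.MountPoint, 'Add TPM+PIN protector')) {
        Add-BitLockerKeyProtector -MountPoint $posture.MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    }

    Test-BitLockerPinPosture
}

# Usage: report first, then enforce on machines that are still TPM-only.
$report = Test-BitLockerPinPosture
$report | Format-List
if ($report.TpmOnly) {
    $pin = Read-Host -AsSecureString -Prompt 'New BitLocker startup PIN'
    Enable-BitLockerTpmPin -Pin $pin -WhatIf   # drop -WhatIf to apply
}
```

The audit deliberately reports the policy state and the actual protector list separately: a GPO that merely allows a PIN does not put one on a device that was encrypted before the policy arrived, and a TPM-only protector is exactly the configuration the quoted experts say YellowKey-style attacks target. In a fleet, collect the Test-BitLockerPinPosture output centrally and treat TpmOnly = True as a finding.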