This worrying Microsoft BitLocker backdoor can grant full access to a locked drive — and all you need is a USB stick

News
By published

Chaotic Eclipse is wreaking havoc across the Windows landscape

A man typing on a Windows 11 laptop
(Image credit: Shutterstock / Alex Photo Stock)
  • Chaotic Eclipse leaks two new Windows flaws: YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation)
  • YellowKey abuses WinRE to bypass BitLocker; verified by Kevin Beaumont, though mitigations are debated
  • GreenPlasma exploits CTFMON services for SYSTEM access; follows earlier leaks RedSun, UnDefend, and BlueHammer (later patched as CVE‑2026‑33825)

Chaotic Eclipse, the security researcher who recently leaked three unpatched Windows vulnerabilities because they weren’t happy with how Microsoft handles bug reports, has now leaked two more flaws, together with proof-of-concepts (PoC) showing how they could be exploited.

In their latest release, Chaotic Eclipse disclosed flaws named YellowKey and GreenPlasma. The former is a BitLocker bypass, while the latter is a privilege escalation vulnerability.

YellowKey targets the Windows Recovery Environment (WinRE) and the BitLocker encryption system. The flaw reportedly lets someone with physical access to a Windows 11 device bypass BitLocker protections and access encrypted files without the user’s password, with Chaotic Eclipse stressing it abuses recovery-mode components that still have access to decrypted drives during boot and repair operations.

Latest Videos From

Redsun, UnDefend, and BlueHammer

GreenPlasma, on the other hand, targets the Windows CTFMON input and text services component. Being a local privilege-escalation vulnerability, it allows threat actors with low privileges (or a piece of malware) to gain SYSTEM-level access, granting full control.

Chaotic Eclipse first started leaking these flaws in early April this year. Apparently, they were unhappy with how Microsoft handles bug reports, so they just decided to leak vulnerabilities applicable to Windows 11 with the latest updates. So far, they’ve leaked three vulnerabilities, called RedSun, UnDefend, and BlueHammer.

The latter is a Windows privilege escalation issue that Microsoft later patched as CVE-2026-33825.

Microsoft is still giving boilerplate statements, saying it is “committed to investigating reported security issues”:

"We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community," a Microsoft spokesperson said.

BleepingComputer noted independent security researcher Kevin Beaumont verified the bug works, and recommended using BitLocker PIN and a BIOS password as mitigation. Chaotic Eclipse responded saying this doesn’t really mitigate the threat.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.