- Chaotic Eclipse leaks two new Windows bugs: YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation)
- YellowKey abuses WinRE to bypass BitLocker; verified by Kevin Beaumont, although mitigations are debated
- GreenPlasma exploits CTFMON services to access the SYSTEM; follows previous leaks from RedSun, UnDefend and BlueHammer (later patched as CVE-2026-33825)
Chaotic Eclipse, the security researcher who recently leaked three unpatched Windows vulnerabilities because he was unhappy with the way Microsoft handles bug reports, has now leaked two more flaws, along with proofs of concepts (PoCs) showing how they could be exploited.
In its latest release, Chaotic Eclipse revealed flaws called YellowKey and GreenPlasma. The first is a BitLocker bypass, while the second is a privilege escalation vulnerability.
YellowKey targets the Windows Recovery Environment (WinRE) and the BitLocker encryption system. The flaw reportedly allows someone with physical access to a Windows 11 device to bypass BitLocker protections and access encrypted files without the user’s password, and Chaotic Eclipse emphasizes that it abuses recovery mode components that still have access to decrypted drives during boot and repair operations.
Redsun, UnDefend and BlueHammer
GreenPlasma, on the other hand, targets the CTFMON input and text services component of Windows. As a local privilege escalation vulnerability, it allows low-privileged threat actors (or a piece of malware) to gain SYSTEM-level access, granting full control.
Chaotic Eclipse started leaking these bugs in early April of this year. Apparently, they were unhappy with the way Microsoft handles bug reports, so they simply decided to leak vulnerabilities applicable to Windows 11 with the latest updates. So far, they have leaked three vulnerabilities, called RedSun, UnDefend and BlueHammer.
The latter is a Windows privilege escalation issue that Microsoft later fixed as CVE-2026-33825.
Microsoft continues to give boilerplate statements, saying it is “committed to investigating reported security issues”:
“We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure that issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” a Microsoft spokesperson said.
beepcomputer Prominent independent security researcher Kevin Beaumont verified that the bug works and recommended using the BitLocker PIN and a BIOS password as mitigation. Chaotic Eclipse responded by saying that this doesn’t really mitigate the threat.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
