- Chaotic Eclipse leaks two new Windows bugs: YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation)
- YellowKey abuses WinRE to bypass BitLocker; verified by Kevin Beaumont, although mitigations are discussed
- GreenPlasma leverages CTFMON services for SYSTEM access; follows previous leaks RedSun, UnDefend and BlueHammer (later fixed as CVE-2026-33825)
Chaotic Eclipse, the security researcher who recently leaked three unpatched Windows vulnerabilities because they were unhappy with how Microsoft handles bug reports, has now leaked two more bugs along with proof-of-concepts (PoC) showing how they could be exploited.
In their latest release, Chaotic Eclipse revealed bugs named YellowKey and GreenPlasma. The former is a BitLocker bypass, while the latter is a privilege escalation vulnerability.
YellowKey targets the Windows Recovery Environment (WinRE) and the BitLocker encryption system. The flaw reportedly lets someone with physical access to a Windows 11 device bypass BitLocker protection and access encrypted files without the user’s password, with Chaotic Eclipse stressing that it abuses components in recovery mode that still have access to decrypted drives during startup and repair.
RedSun, UnDefend and BlueHammer
GreenPlasma, on the other hand, targets the Windows CTFMON input and text service component. Being a local privilege escalation vulnerability, it allows low-privileged threat actors (or a piece of malware) to gain SYSTEM-level access, giving full control.
Chaotic Eclipse first started leaking these bugs in early April of this year. Apparently, they were unhappy with how Microsoft handles bug reports, so they decided to just leak vulnerabilities applicable to Windows 11 with the latest updates. So far, they have leaked three vulnerabilities, called RedSun, UnDefend and BlueHammer.
The latter is a Windows privilege escalation issue that Microsoft later fixed as CVE-2026-33825.
Microsoft still provides boilerplate statements, saying it is “committed to investigating reported security issues”:
“We also support coordinated vulnerability disclosure, a widely used industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” a Microsoft spokesperson said.
Bleeping Computer noted that independent security researcher Kevin Beaumont confirmed that the bug works and recommended using the BitLocker PIN and a BIOS password as a workaround. Chaotic Eclipse responded by saying that this doesn’t really mitigate the threat.




