Mystery Microsoft bug leaker keeps the zero-days coming

TL;DR

An anonymous security researcher known as Nightmare-Eclipse has released details about two new Windows zero-day exploits, YellowKey and GreenPlasma, shortly after Microsoft’s Patch Tuesday. These disclosures raise serious security concerns, especially as the researcher claims to have more vulnerabilities ready to release.

An anonymous security researcher known as Nightmare-Eclipse has released details of two new Windows zero-day vulnerabilities, YellowKey and GreenPlasma, just after Microsoft’s latest Patch Tuesday updates. These disclosures include a method to bypass BitLocker encryption and a privilege escalation flaw that could give attackers SYSTEM-level access, raising significant security concerns.

Nightmare-Eclipse, who has previously leaked three zero-day exploits this year, announced the release of YellowKey and GreenPlasma, both of which pose serious threats to Windows security. YellowKey allows an attacker with physical access to bypass BitLocker encryption by loading specific files onto a USB drive and executing a sequence, granting unrestricted shell access to the machine. Experts warn that, despite requiring physical access, this could facilitate theft of encrypted data from stolen devices.

GreenPlasma is a privilege escalation flaw for which the researcher provided partial exploit code. While the current code triggers a User Account Control (UAC) prompt and is not yet weaponized for silent exploitation, cybersecurity professionals warn that such vulnerabilities are often exploited post-compromise to escalate privileges, access credentials, and move laterally within networks. Both vulnerabilities have yet to be patched by Microsoft.

Why It Matters

The disclosures of YellowKey and GreenPlasma underscore ongoing security risks from zero-day vulnerabilities, especially as the researcher has a history of releasing exploits that are subsequently exploited in real-world attacks. Their claims of more vulnerabilities being ready for release could lead to increased threat activity, impacting organizations and individuals relying on Windows security measures.

Background

Nightmare-Eclipse first gained attention earlier this year with the leak of BlueHammer, RedSun, and UnDefend, all of which remain unpatched. The researcher has stated that their leaks are retaliatory, following a perceived violation of trust, and has hinted at a ‘dead man’s switch’ with additional exploits prepared for release. Microsoft has yet to comment on these latest disclosures or confirm the vulnerabilities’ severity.

“If [the researcher’s claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification.”

— Rik Ferguson, VP of security intelligence at Forescout

“YellowKey remains a huge security problem for organizations using BitLocker, though it can be mitigated with a PIN and BIOS password.”

— Gavin Knapp, cyber threat intelligence lead at Bridewell

“The same post linking yesterday’s releases warns of another Patch Tuesday surprise and hints at future RCE disclosures. They claim to have a dead man’s switch with more ready to go.”

— Ferguson

What Remains Unclear

It is not yet confirmed whether the vulnerabilities are fully exploitable in all Windows configurations, or if Microsoft has developed effective mitigations. The full technical details and the scope of the vulnerabilities remain under analysis, and no official patches have been announced.

What’s Next

Microsoft is expected to review the disclosed vulnerabilities and may release security updates in upcoming Patch Tuesday cycles. Security professionals advise organizations to implement additional protections, such as BIOS passwords and PINs, to mitigate immediate risks. Further disclosures from the researcher are anticipated.

Key Questions

What is the significance of these zero-day leaks?

The leaks reveal critical vulnerabilities that could allow attackers to bypass encryption and escalate privileges, potentially leading to data theft and system compromise. Their release also indicates ongoing threat activity and raises concerns about unpatched security flaws.

Can these vulnerabilities be exploited remotely?

No, both YellowKey and GreenPlasma require physical access to the targeted machine, although they still pose serious risks if stolen devices are not properly secured.

Will Microsoft patch these vulnerabilities?

Microsoft has not yet confirmed or issued patches for these vulnerabilities. Security experts recommend applying additional security measures and monitoring for updates in upcoming Patch Tuesday releases.

What should organizations do to protect themselves now?

Organizations should ensure BIOS passwords are enabled, use PINs with BitLocker, and monitor for suspicious activity. Keeping systems updated and following security advisories is also advised.
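A quick way to check the BitLocker part of that advice across a fleet is to audit whether the OS volume is protected and whether its TPM protector also requires a pre-boot PIN. The script below is an added example written for this article, not code from Microsoft or from the researcher; it assumes the built-in BitLocker module on Windows 10/11 and an elevated session.

```powershell
# Added example (not from the article): audit BitLocker protection and pre-boot PIN use.
# Assumes the built-in BitLocker PowerShell module; must run as Administrator.
#Requires -RunAsAdministrator

$osDrive = $env:SystemDrive   # usually C:

# Build one row per BitLocker volume with its protector types.
$report = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    # TpmPin and TpmPinStartupKey both require a PIN before the OS boots.
    $hasPin = [bool]($types | Where-Object { $_ -like 'TpmPin*' })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        IsOsVolume       = ($vol.MountPoint -eq $osDrive)
        ProtectionStatus = $vol.ProtectionStatus
        Protectors       = ($types -join ',')
        PreBootPin       = $hasPin
    }
}
$report | Format-Table -AutoSize

# Evaluate the OS volume, which is what a pre-boot PIN actually guards.
$os = $report | Where-Object IsOsVolume
if (-not $os -or $os.ProtectionStatus -ne 'On') {
    Write-Warning "OS volume $osDrive is not protected by BitLocker."
}
elseif (-not $os.PreBootPin) {
    # A TPM-only protector unlocks the disk with no user interaction at boot.
    # Remediation: Add-BitLockerKeyProtector -MountPoint $osDrive -TpmAndPinProtector -Pin <SecureString>
    # then remove the old Tpm-only protector, otherwise it still allows unattended unlock.
    Write-Warning "OS volume $osDrive uses TPM-only unlock; no pre-boot PIN is required."
}
else {
    Write-Host "OS volume $osDrive requires a pre-boot PIN." -ForegroundColor Green
}
```

Run it from a management tool (Intune script, GPO startup script, or remote PowerShell) to collect the `PreBootPin` column centrally; the BIOS-password recommendation has to be verified through the firmware or vendor management tooling, since Windows does not expose it.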

What does the researcher’s threat of more releases mean?

The researcher has indicated they have more vulnerabilities ready to disclose, which could lead to further exploits and increased threat activity targeting Windows systems.