The anonymous Windows researcher who previously burned Microsoft with the BlueHammer, RedSun, and UnDefend Defender zero-days has published two more. YellowKey is a BitLocker bypass that drops an unlocked CMD shell on protected drives by abusing the Windows Recovery Environment. GreenPlasma is a privilege-escalation flaw in the Collaborative Translation Framework (CTFMON) service. Both went live with proof-of-concept code on May 14, 2026. Neither has a CVE. Neither has a patch. Microsoft’s May 2026 Patch Tuesday, which shipped just two days before the disclosure, addresses neither.

The researcher, who posts as Chaotic Eclipse and Nightmare-Eclipse, made clear that this is a continuation of the same grievance that produced the Defender disclosures last month: dissatisfaction with how Microsoft has handled the entire saga. “The fire will go as long as you want, unless you extinguish it or until there’s nothing left to burn,” they wrote, while teasing “a big surprise” for the June Patch Tuesday.

YellowKey: BitLocker Bypass via WinRE

YellowKey affects Windows 11 and Windows Server 2022/2025 systems running BitLocker. The exploit is mechanical and short:

  1. Copy specially crafted FsTx (Transactional NTFS) files onto a USB drive or the EFI system partition.
  2. Plug the USB drive into the target machine while BitLocker is active.
  3. Reboot into the Windows Recovery Environment (WinRE), the built-in recovery framework used to troubleshoot unbootable systems.
  4. Hold the CTRL key during the WinRE boot sequence.
  5. A cmd.exe shell opens with the BitLocker-protected volume already unlocked.

Independent reproduction by Will Dormann confirms the behavior. According to Dormann’s analysis, the underlying primitive is itself ugly: a \System Volume Information\FsTx directory on one volume can modify the contents of another volume when its transactional NTFS records are replayed. In the YellowKey chain, the malicious FsTx records delete winpeshl.ini on the recovery volume (drive X:). Without that file, WinRE falls back to spawning cmd.exe instead of launching the recovery shell, and by that point the protected OS volume is already mounted and decrypted.

The researcher claims the bug works regardless of BitLocker mode: “TPM+PIN does not help, the issue is still exploitable regardless.” Some third-party writeups have characterized the bypass as limited to TPM-only configurations, but the public PoC and the researcher’s own commentary say otherwise. Treat TPM+PIN as no protection against this primitive until proven otherwise.

What YellowKey does not do: it does not unlock a drive that has been removed from its original machine. The TPM seal still ties the volume key to the host hardware. This is an “attacker with physical access to the powered-down machine” bypass — exactly the threat model BitLocker is supposed to defend against.

GreenPlasma: CTFMON Arbitrary Section Creation

The second bug is a local privilege escalation in CTFMON, the Collaborative Translation Framework process that handles input method editor (IME) state. The flaw lets an unprivileged user create arbitrary memory section objects inside directory objects that are otherwise only writable by SYSTEM.

The released PoC is intentionally incomplete — it stops short of the final SYSTEM shell. In its current form, an attacker can plant section objects in privileged namespace paths, which opens the door to manipulating services or drivers that implicitly trust those locations. A full weaponization requires identifying a privileged consumer that will load or map the planted section, which is the missing piece the researcher chose not to publish.

For context, this is the same class of NT object namespace abuse that has driven a number of past Windows LPEs. The base primitive is more dangerous than the shipped PoC suggests; competent exploit developers will fill in the SYSTEM-shell gap quickly.

Why This Matters for Infrastructure

YellowKey is the more strategic problem. BitLocker is the assumed control for lost or seized endpoints — laptops left in cars, devices shipped to terminated employees, hardware seized during incident response. Any deployment that treats BitLocker as the perimeter for data-at-rest on Windows endpoints now has a CVE-less, patch-less gap that a USB stick and a reboot can cross.

GreenPlasma is a more conventional concern: post-initial-access elevation. Combined with any RCE that lands an unprivileged process (phishing payload, browser exploit, vulnerable LOB application), a weaponized version becomes a SYSTEM-shell primitive on the same machine.

Companion Issue: BitUnlocker Downgrade Attack

Coinciding with YellowKey, French firm Intrinsec published BitUnlocker, an attack chain that bypasses BitLocker on a fully patched Windows 11 system in under five minutes via a boot manager downgrade. BitUnlocker exploits CVE-2025-48804 (CVSS 6.8) by attaching a second WIM to the System Deployment Image with a modified blob table: the boot manager integrity-checks the legitimate WIM but boots from the attacker-controlled one, which carries a cmd.exe-laced WinRE image. Microsoft shipped the patched boot manager in July 2025, but Secure Boot validates only the signature chain, not the binary’s version, so an older, vulnerable bootmgfw.efi signed under the still-trusted Microsoft Windows Production PCA 2011 certificate executes without complaint unless that certificate or binary has been explicitly revoked in DBX. Microsoft plans to retire the PCA 2011 certificates next month; until then, the trust window remains open.

Mitigations

For YellowKey, there is no patch. Practical hardening:

  • Enable BitLocker preboot PIN at startup. Per the researcher, the PIN does not defeat the exploit itself, but it does block adjacent classes of WinRE abuse, and any defense-in-depth posture should still require it.
  • Disable booting from USB and other removable media where business policy allows, and lock the boot order behind a firmware supervisor password. Both raise the cost of the USB path. The EFI-system-partition variant needs write access to the unencrypted ESP, which a boot-order lock alone does not prevent for an attacker who can pull the disk.
  • Require Secure Boot and, ahead of Microsoft’s retirement of the PCA 2011 certificate, close the BitUnlocker window by revoking that certificate in DBX. Follow the ordering in Microsoft’s KB5025885 guidance: add the Windows UEFI CA 2023 certificate to DB, install and successfully boot a boot manager signed by it, and only then apply the revocation. A DBX entry for PCA 2011 on a machine still booting a 2011-signed bootmgfw.efi will not boot.
  • For high-value endpoints, consider disabling WinRE entirely (reagentc /disable), so the machine no longer carries a local recovery image that boots with the OS volume unlocked, and verify that recovery procedures rely on external media a physical attacker cannot reach.
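The following PowerShell audit is an added example written for this article, not tooling from the researcher, Intrinsec, or Microsoft. It reports, on one endpoint, the state of each hardening item above: BitLocker protector types, local WinRE status, Secure Boot, whether the Windows UEFI CA 2023 certificate is in DB and the PCA 2011 certificate is revoked in DBX (the byte-search technique is the one Microsoft’s KB5025885 guidance uses), and which CA signed the boot manager actually on the ESP. It assumes an elevated session on UEFI hardware, English-language reagentc output, and a free S: drive letter for a temporary ESP mount; the warning thresholds are this example’s own reading of the mitigation list.

```powershell
#Requires -RunAsAdministrator
# Posture audit for the YellowKey / BitUnlocker hardening items above.
# Assumptions (this example's, not the article's): English reagentc output,
# drive letter S: free for a temporary ESP mount, elevated PowerShell on UEFI hardware.

$report = [ordered]@{}

# 1. BitLocker protectors on the OS volume. Distinguish TPM-only from TPM+PIN.
#    Per the researcher, TPM+PIN does not stop YellowKey; this is defense in depth only.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report['BitLockerProtection'] = $vol.ProtectionStatus
$report['KeyProtectors']       = ($vol.KeyProtector.KeyProtectorType | Sort-Object -Unique) -join ','
$report['HasTpmPin']           = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'TpmPin')

# 2. Local WinRE state. reagentc /info prints "Windows RE status: Enabled|Disabled".
$reLine = (& reagentc.exe /info 2>&1 | Select-String 'Windows RE status').Line
$report['WinREStatus'] = if ($reLine) { ($reLine -split ':\s*')[-1].Trim() } else { 'unknown' }

# 3. Secure Boot on at all? Confirm-SecureBootUEFI throws on legacy BIOS machines.
try { $report['SecureBoot'] = Confirm-SecureBootUEFI } catch { $report['SecureBoot'] = $false }

# 4. BitUnlocker trust window. Search the raw DB/DBX variable bytes for the certificate
#    subject strings; this is the same check Microsoft's KB5025885 guidance documents.
function Test-SecureBootVarContains {
    param([string]$Name, [string]$Pattern)
    try {
        $bytes = (Get-SecureBootUEFI -Name $Name).Bytes
        return [bool]([System.Text.Encoding]::ASCII.GetString($bytes) -match $Pattern)
    } catch { return $false }
}
$report['DbHasWindowsUefiCa2023'] = Test-SecureBootVarContains -Name 'db'  -Pattern 'Windows UEFI CA 2023'
$report['DbxRevokesPca2011']      = Test-SecureBootVarContains -Name 'dbx' -Pattern 'Microsoft Windows Production PCA 2011'

# 5. Which CA signed the boot manager actually on the ESP? Mount the ESP briefly and
#    read the Authenticode signer of bootmgfw.efi (a PE file, so the cmdlet parses it).
$esp = 'S:'
$report['BootmgrIssuer'] = 'not checked (S: in use)'
if (-not (Test-Path $esp)) {
    & mountvol.exe $esp /S | Out-Null
    try {
        $sig = Get-AuthenticodeSignature -FilePath "$esp\EFI\Microsoft\Boot\bootmgfw.efi"
        $report['BootmgrIssuer'] = $sig.SignerCertificate.Issuer
    } finally {
        & mountvol.exe $esp /D | Out-Null
    }
}

[pscustomobject]$report | Format-List

# Verdicts. Thresholds are this example's, derived from the mitigation list above.
if ($report['WinREStatus'] -eq 'Enabled') {
    Write-Warning 'Local WinRE enabled: YellowKey surface present. Consider "reagentc /disable" on high-value endpoints.'
}
if (-not $report['HasTpmPin']) {
    Write-Warning 'No TPM+PIN protector: add one for defense in depth (it does not by itself stop YellowKey).'
}
if (-not ($report['DbHasWindowsUefiCa2023'] -and $report['DbxRevokesPca2011'])) {
    Write-Warning 'PCA 2011-signed boot managers still trusted: BitUnlocker downgrade window open. Apply the KB5025885 steps in order.'
}

# Remediation commands, deliberately not executed by this script:
#   reagentc.exe /disable
#   Add-BitLockerKeyProtector -MountPoint $env:SystemDrive -TpmAndPinProtector -Pin (Read-Host 'PIN' -AsSecureString)
#     (requires the "Require additional authentication at startup" policy to permit a PIN)
```

The script only reads state and prints warnings; the remediation lines stay commented because the DBX revocation in particular bricks a machine if applied before the 2023-signed boot manager is in place, and disabling WinRE should be paired with a tested external-media recovery procedure.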

For GreenPlasma:

  • The shipped PoC is incomplete, but a fully weaponized version is a question of days, not weeks. Treat any Windows endpoint with non-admin users as exposed to LPE pivots until a patch lands.
  • EDR rules targeting unexpected NT object namespace section creations under SYSTEM-writable directories are worth deploying as interim detection, where the product exposes object-manager telemetry at all; stock Windows logging and Sysmon do not record section-object creation, so this depends on the EDR vendor’s kernel callbacks.

Disclosure Posture

This is the second batch of zero-days from the same researcher in roughly six weeks. The previous batch saw BlueHammer get assigned CVE-2026-33825 and patched, while RedSun was, according to the researcher, quietly fixed without an advisory. The pattern is now clear: the researcher will keep publishing live PoCs on the same disclosure rhythm until Microsoft changes how it engages, and has already promised a “big surprise” tied to the June Patch Tuesday. Infrastructure teams should plan for at least one more no-CVE, no-patch Windows zero-day landing on or about the June Patch Tuesday, June 9, 2026.
