A newly discovered zero-day exploit, known as GreatXML, has been found to bypass BitLocker, the full-volume encryption feature developed by Microsoft. The exploit leverages a vulnerability in Microsoft Defender, specifically its offline scan functionality, to spawn a SYSTEM shell when a system is rebooted in Recovery Mode. GreatXML poses a significant threat because it allows attackers to access encrypted data without requiring a password or authentication.

That the exploit targets Microsoft Defender's offline scan [1] highlights the importance of assessing exposure immediately, as zero-day activity targeting Microsoft often results in quickly closing patching windows. The vulnerability has significant implications for organizations relying on BitLocker for data protection: practitioners need to evaluate whether their systems are vulnerable to this exploit and take the necessary measures to mitigate potential risks. The discovery underscores the need for prompt action to address the vulnerability and prevent potential data breaches.
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
⚡ High Priority
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- SecurityWeek. (2026, June 11). ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker. SecurityWeek. https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/