A cybersecurity researcher publicly released proof-of-concept (PoC) exploits for two critical, unpatched Microsoft Windows zero-day vulnerabilities, fundamentally compromising BitLocker-protected drives. Designated YellowKey and GreenPlasma, these flaws facilitate a BitLocker bypass and a privilege-escalation, respectively. The YellowKey exploit enables an attacker to circumvent BitLocker disk encryption, thereby accessing data on secured volumes without authorization. Concurrently, GreenPlasma provides the necessary privilege elevation, allowing a local attacker to fully leverage the BitLocker bypass and gain control over system resources and encrypted storage1. The public disclosure of these PoC exploits on May 13, 2026, significantly escalates the immediate threat to all unpatched Windows installations relying on BitLocker for data protection. This potent dual vulnerability combination renders a foundational security feature ineffective, exposing sensitive information. Organizations must prioritize an urgent assessment of their Windows infrastructure, as the window for unmitigated exposure has opened, demanding rapid defensive action.
Windows BitLocker zero-day gives access to protected drives, PoC released
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- BleepingComputer. (2026, May 13). Windows BitLocker zero-day gives access to protected drives, PoC released. *BleepingComputer*. https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
Original Source
BleepingComputer
Read original →