Critical Security Flaw Exploited by Researcher Using YellowKey and GreenPlasma Tools


Microsoft Faces New Challenge as Security Researcher Discloses Two Zero-Day Vulnerabilities

A prominent security researcher has brought attention to two previously unknown vulnerabilities in the Windows operating system, allowing attackers to bypass BitLocker encryption and escalate privileges to system level.

The First Vulnerability: Bypassing BitLocker Encryption

According to the researcher, the first vulnerability, codenamed “YellowKey,” enables an attacker with physical access to a machine running Windows 11 to bypass BitLocker encryption.

BitLocker, a full-volume encryption feature, relies on the Trusted Platform Module (TPM) to deliver hardware-based security. However, the researcher claims that the vulnerability stems from a well-hidden flaw in the Windows Recovery Environment (WinRE) image, and suggests that it might be a backdoor intentionally planted into BitLocker.

The Second Vulnerability: Escalating Privileges

The second vulnerability, known as “GreenPlasma,” allows attackers to elevate their privileges to system level.

While the researcher has not released the complete PoC code, they explain that it creates an arbitrary memory section object in any directory writable by the System account, which would give it the ability to manipulate various Windows services, including kernel-mode drivers.

Risks and Implications

  • Security experts warn that these vulnerabilities pose significant risks, particularly in environments where BitLocker is used to protect sensitive data.
  • They emphasize that public disclosure of zero-day exploits often shortens the time available to respond to emerging threats, making swift patching and mitigation crucial.

Response from Microsoft

Microsoft has yet to comment on the disclosures.

Related Developments

  • Other companies, including Fortinet, Ivanti, Intel, and AMD, have also addressed several vulnerabilities in recent weeks, demonstrating the ongoing effort to maintain the security and integrity of software products.
  • Adobe has also patched 52 vulnerabilities across ten products, highlighting the importance of regular updates and maintenance.

Conclusion

This latest development serves as a reminder of the ongoing cat-and-mouse game between security researchers and malicious actors. As vulnerabilities are discovered and disclosed, organizations must prioritize swift patching and mitigation efforts to minimize the risk of exploitation.
