
Windows Zero-Day, Another Vengeful PatchTuesday | YellowKey | GreenPlasma | BitLocker

YellowKey & GreenPlasma: A vengeful security researcher who claims Microsoft left him "homeless with nothing" has released a third wave of Windows zero-days: two new Windows exploits, timed deliberately to land just after Patch Tuesday. The vulnerabilities, named YellowKey and GreenPlasma, bypass BitLocker encryption and escalate any user to SYSTEM privileges. The researcher, using the aliases "Chaotic Eclipse" and "Nightmare Eclipse," has now threatened Microsoft with further disclosures, stating, "Next Patch Tuesday will have a big surprise for you Microsoft. And remember, I never failed to deliver a promise."

🔑 YellowKey – BitLocker Bypass
Affects Windows 11 and newer server versions.
Copies a special folder to a USB drive or the EFI partition.
Attacker reboots while holding specific keys.
Gains full access to the locked drive.
No exploit or kernel bug required. Uses trusted Windows components, signed binaries, and assumptions made by Defender.
Modern EDRs detect malware but do not detect Windows itself becoming the attack vector.

🟢 GreenPlasma – CTFMON-Based Privilege Escalation
Affects Windows 11 and some server versions.
Targets ctfmon.exe, a SYSTEM-level process responsible for text input features.
Plants an arbitrary memory section.
Tricks CTFMON into interacting with it using registry tricks and permission rules.
Attacker gains control over memory that the system fully trusts.
Allows malicious shellcode or fake DLL libraries to be planted.
Only part of the code was shared as a challenge for others.

📜 Attack Requirements (YellowKey)
Physical access to the target computer.
USB stick containing the exploit.
BitLocker protection enabled on the target.
Reboot into Windows Recovery Environment.
Enter a specific key combination.
Shell spawns with unrestricted access to the supposedly protected volume.

⚠️ The Researcher's Claims
The vulnerable component appears to be intentionally planted in the recovery environment and is not documented anywhere. The same component exists in normal Windows installations but without the functionalities that trigger the BitLocker bypass. The researcher cannot find an explanation other than intentional placement. Microsoft is accused of escalating the conflict. Defender has been spared in this release, but other companies may be dragged in.

🚨 The Warning
Chaotic Eclipse has directly warned Microsoft: "Your recent actions made me take the difficult decision to drag other companies into this, be prepared to answer questions. Next Patch Tuesday will have a big surprise for you, Microsoft. And remember, I never failed to deliver a promise."

🛡️ Immediate Actions
Immediate patching is not available at the time of writing.
Compensating controls include restricting USB boot access.
Organizations should treat this as an active threat.
Assess exposure for devices in high-risk physical access scenarios (field devices, shared workstations).
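An added triage script (mine, not from the video or Cytex) for the exposure assessment above: it lists each BitLocker volume's protection state and key protectors and whether WinRE is enabled, since the described attack reboots into the recovery environment. It assumes an elevated PowerShell session with the BitLocker module, and treats a TPM+PIN pre-boot protector as the hardening baseline to look for, which is general practice rather than something the video states.

```powershell
# Added example, not from the video or Cytex. Assumes an elevated session on
# Windows 10/11 with the BitLocker module; reagentc needs elevation to report status.

function Get-BitLockerExposure {
    # reagentc prints "Windows RE status: Enabled" or "Disabled"; unknown if unavailable
    $reText = (reagentc /info 2>$null) -join "`n"
    $winreEnabled = if ($reText -match 'Windows RE status:\s+Enabled') { $true }
                    elseif ($reText -match 'Windows RE status:\s+Disabled') { $false }
                    else { $null }

    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        # Assumed baseline for physical-access scenarios: a pre-boot PIN or password
        # protector (TpmPin, TpmPinStartupKey, Password), not TPM-only auto-unlock.
        $hasPreBootAuth = [bool]($types -match '^TpmPin') -or ($types -contains 'Password')

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            KeyProtectors    = ($types -join ',')
            PreBootAuth      = $hasPreBootAuth
            WinREEnabled     = $winreEnabled
            # Flag for follow-up: protection not on, or no pre-boot authentication
            NeedsReview      = ($vol.ProtectionStatus -ne 'On') -or (-not $hasPreBootAuth)
        }
    }
}

Get-BitLockerExposure | Format-Table -AutoSize
```

Run it per device (or through your remoting tooling) and review the NeedsReview column alongside the physical-access risk of each machine.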

#PatchTuesday #WindowsSecurity

Video "Windows Zero-Day, Another Vengeful PatchTuesday | YellowKey | GreenPlasma | BitLocker" from the Cytex channel