Microsoft BitLocker – YellowKey zero-day exploit


TLDR

  • Security researcher Chaotic Eclipse published YellowKey, a zero-day that unlocks BitLocker-protected drives via USB stick and Windows Recovery Environment, with no patch from Microsoft.

Key Takeaways

  • YellowKey requires only copying files to a USB stick and rebooting into Windows Recovery Environment; exploit files self-delete after one use, suggesting a backdoor.
  • BitLocker cannot currently be trusted for drive encryption; Windows 11, Windows Server 2022 and Windows Server 2025 are affected, while Windows 10 is not.
  • A TPM-and-PIN setup does not protect against YellowKey either; Eclipse claims a variant for that scenario exists but has not published a PoC for it.
  • GreenPlasma, the companion zero-day, manipulates CTFMon to place a crafted memory section object in Object Manager, enabling system-level privilege escalation.
  • Eclipse disclosed these after Microsoft allegedly dismissed previous reports; BlueHammer was patched, RedSun silently patched, but YellowKey and GreenPlasma have no official response.

Hacker News Comment Review

  • The single comment surfaces the core reputational dilemma: whether Microsoft suffers meaningful consequences for an apparent backdoor or escapes accountability due to enterprise lock-in.
