Windows YellowKey & GreenPlasma Zero-Days Released
A security researcher has publicly released details on two critical Windows zero-day vulnerabilities, dubbed YellowKey and GreenPlasma, according to SecurityWeek. These exploits represent significant risks that defenders must understand and mitigate immediately.
YellowKey is a BitLocker bypass that requires physical access to the target system. While physical access might seem like a high bar, it's a critical threat for devices in sensitive environments or those prone to theft. Attackers gaining physical control can circumvent disk encryption, exposing sensitive data thought to be protected. GreenPlasma, on the other hand, is an elevation of privilege (EoP) vulnerability enabling attackers to gain System-level access. This is the holy grail for post-exploitation, allowing full control over a compromised machine.
The combination of these two vulnerabilities paints a grim picture. An attacker with physical access could potentially bypass BitLocker and then use GreenPlasma to achieve full system compromise. This isn't theoretical; this is a clear attack chain. Defenders need to assess their physical security controls and ensure endpoint hardening goes beyond just disk encryption.
What This Means For You
- If your organization relies on BitLocker for data protection, understand that physical access nullifies its effectiveness due to YellowKey. More critically, GreenPlasma allows an attacker to elevate privileges to System, meaning any compromised user account on a vulnerable Windows machine can lead to full host compromise. Prioritize patching these vulnerabilities as soon as Microsoft releases fixes. In the interim, enforce stringent physical security for all endpoints and review your least privilege models.
Related ATT&CK Techniques
Detection Rules
Windows GreenPlasma Privilege Escalation
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| YellowKey | Auth Bypass | Microsoft Windows BitLocker bypass requiring physical access |
| GreenPlasma | Privilege Escalation | Microsoft Windows elevation of privileges to System |