On June 10, 2026, security researcher Chaotic Eclipse revealed a new exploit named GreatXML that bypasses BitLocker encryption after running a Microsoft Defender Offline Scan. The exploit allows attackers to gain SYSTEM privileges in Recovery Mode, requiring only brief physical access to the machine or the ability to manipulate its recovery partition. This vulnerability stems from how XML files are processed during the Windows Recovery Environment boot sequence.
Currently, there is no patch available from Microsoft, and the researcher has criticized the company for its vulnerability reporting processes. This vulnerability follows several other zero-days disclosed by Chaotic Eclipse, highlighting ongoing security challenges faced by Microsoft.