www.securityweek.com 5/14/2026, 7:30:46 AM · via preferred

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days


A SecurityWeek report by Ionut Arghire details two Windows zero-day exploits, YellowKey and GreenPlasma, disclosed by a disgruntled security researcher this week. YellowKey is described as a BitLocker bypass that requires physical access; the PoC code, published by Chaotic Eclipse and Nightmare Eclipse, can let an attacker in possession of a machine running Windows 11 access its storage volume.

GreenPlasma is said to enable elevation of privileges to System, with a PoC that creates an arbitrary memory section object in a directory writable by System and could affect various Windows services, including kernel-mode drivers. The article notes researchers including Kevin Beaumont, KevTheHermit, and Will Dormann tested the exploits and confirmed they work on recent Windows 11 builds, and that YellowKey may also function on devices protected by a TPM PIN.

SecurityWeek states the publication of the PoC code could help attackers weaponise these flaws, and that the outlet has asked Microsoft for a statement while cautioning that public zero-day releases alter the risk landscape.


Article by CyberSIXT
