www.darkreading.com 5/19/2026, 10:01:33 PM

Windows Zero-Day Barrage Continues After Patch Tuesday

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Available

A security researcher known as Nightmare Eclipse has disclosed three new Windows zero-days—YellowKey, GreenPlasma and MiniPlasma—along with a proof-of-concept exploit for a fourth vulnerability that Microsoft supposedly patched in 2020, bringing the total to six flaws disclosed over six weeks. Some of the exploits are already being used in the wild, and one of the flaws is included in the Cybersecurity and Infrastructure Security Agency’s KEV catalog.

YellowKey can enable an attacker with physical access and a USB device to bypass BitLocker and access encrypted laptops via a reboot into WinRE. GreenPlasma affects Windows 10, 11 and Server, enabling privilege escalation to SYSTEM. MiniPlasma targets CVE-2020-17103, an elevation-of-privilege flaw in the Windows Cloud Files Mini Filter Driver.

Microsoft has issued a patch for BlueHammer (CVE-2026-33825), which sits in KEV, and has, according to Nightmare Eclipse, quietly addressed another vulnerability, RedSun, without a CVE or public advisory, though the other flaws remain unpatched on some systems. Analysts caution that patching alone isn’t enough and recommend deny-by-default controls and endpoint detection as a last line of defence; the disclosures highlight weaknesses in Defender and BitLocker.

According to Dark Reading, Microsoft is investigating the claimed vulnerabilities while stressing coordinated vulnerability disclosure as a standard to protect customers.


Article by CyberSIXT
