Cybersecurity researcher Chaotic Eclipse (also known as Nightmare Eclipse) has publicly released proof-of-concept (PoC) exploits for two unpatched Windows vulnerabilities, dubbed YellowKey and GreenPlasma. YellowKey is a BitLocker bypass that targets the Windows Recovery Environment (WinRE), while GreenPlasma is a local privilege escalation (LPE) flaw involving arbitrary memory-section creation via the CTFMON service.
The release of these exploits follows a series of previous zero-day leaks by the same researcher, who cites dissatisfaction with Microsoft’s bug reporting and patching process as the primary motivation. While YellowKey currently impacts TPM-only BitLocker configurations, the researcher claims that even TPM+PIN environments are theoretically vulnerable. Microsoft has stated they are investigating the reports but emphasized their support for coordinated vulnerability disclosure.