A frustrated security researcher has released two dangerous zero-day exploits targeting Windows systems after a dispute with Microsoft. The most severe, dubbed "YellowKey," completely bypasses BitLocker encryption on Windows 11 and Server 2022/2025 systems within minutes using just a USB stick or direct drive access.
The second exploit, "GreenPlasma," enables privilege escalation through the Windows CTFMON service, potentially giving attackers system-level control. Windows 10 remains unaffected by YellowKey due to different recovery architecture.
Microsoft hasn't patched these vulnerabilities yet. Security experts recommend using BitLocker PINs, strong BIOS passwords, and monitoring physical hardware access as immediate protection measures.
Source: Cyber Security News