Zero-day: BitLocker bypass in WinRE (YellowKey) and CTFMON escalation (GreenPlasma)

Colleagues, two zero-days were discovered: YellowKey and GreenPlasma. YellowKey enables a BitLocker bypass in the Windows Recovery Environment (WinRE) via FsTx files on USB/EFI: loading WinRE yields a shell, and TPM+PIN does not mitigate it. The researcher and Will Dormann reproduced it. GreenPlasma is a CTFMON flaw that allows creation of arbitrary memory sections in SYSTEM-accessible directories; the PoC is incomplete, but the flaw risks escalation to SYSTEM. Also reported: a bootloader rollback (CVE-2025-48804). Recommendations: enable PIN at boot and update the bootloader. Why it matters: pre-boot bypasses undermine data protection, often with physical access. What mitigations would you propose? #cybersecurity #Windows #BitLocker #vulnerabilities
