VulnerabilityBleeping Computer
7.8 — HIGH
Windows BitLocker zero-day gives access to protected drives, PoC released
A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
A Windows BitLocker zero-day vulnerability (YellowKey) and a privilege escalation flaw (GreenPlasma) were publicly disclosed, allowing attackers to bypass encryption and gain SYSTEM permissions, respectively.
⚙️Technical Details
CVEs
CVE-2026-33825
Affected Systems
Windows 11Windows Server 2022/2025
Attack Vectors
LOCAL
💥Impact Assessment
Severity: high
Who Is at Risk
Users of affected systems with BitLocker encryption, including organizations and individuals
🛡️Recommended Actions
1Apply the latest security patches to affected systems as soon as possible
2Use a strong PIN and BIOS password for BitLocker-protected drives
3Monitor system logs for suspicious activity and implement additional security controls
📦Affected Products
Microsoft Defender Antimalware Platform
🔐NVD Verified DataVERIFIED
CVE-2026-33825 ↗CVSS 7.8 — HIGH
Attack Vector
LOCAL
Complexity
LOW
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeaknesses
CWE-1220
Affected Products (CPE)
Microsoft Defender Antimalware Platform
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.