ZeroDaySentinel
Threat Intelligence

YellowKey & GreenPlasma: Chaotic Eclipse Returns With an Unpatched BitLocker Bypass and a Windows CTFMON Privilege Escalation

High
Incident: 2026-05-19
Published: 2026-05-19

The researcher behind the Defender zero-day trio has disclosed two new unpatched Windows vulnerabilities. YellowKey is a BitLocker bypass operating within the Windows Recovery Environment that works regardless of TPM+PIN configuration, affecting Windows 11 and Server 2022/2025. GreenPlasma is a Windows Collaborative Translation Framework privilege escalation enabling arbitrary memory section creation in SYSTEM-writable directory objects. Both remain unpatched. The same disclosure also revisits a boot manager downgrade attack chain against BitLocker exploiting CVE-2025-48804, which persists due to Secure Boot's inability to enforce certificate version revocation.


What happened

The researcher known as Chaotic Eclipse, who previously published three unpatched Microsoft Defender zero-days under the names BlueHammer, RedSun, and UnDefend, has returned with two new Windows vulnerabilities. The first, codenamed YellowKey, is a BitLocker bypass that functions through the Windows Recovery Environment. The second, codenamed GreenPlasma, is a privilege escalation targeting the Windows Collaborative Translation Framework. Both remain unpatched as of this writing.

YellowKey BitLocker bypass and GreenPlasma Windows privilege escalation

The researcher's previous disclosures triggered a public conflict with Microsoft. BlueHammer was formally assigned CVE-2026-33825 and patched by Microsoft last month. RedSun was apparently addressed silently without any advisory. The remaining Defender zero-days have since been exploited in the wild. Chaotic Eclipse attributed the continued disclosures to dissatisfaction with Microsoft's handling of the responsible disclosure process, and has promised a "big surprise" timed to coincide with the June 2026 Patch Tuesday release.

YellowKey: BitLocker Bypass via Windows Recovery Environment

YellowKey affects Windows 11 and Windows Server 2022 and 2025. The researcher described it as "one of the most insane discoveries I ever found," likening the vulnerability to a built-in backdoor. The attack surface is the Windows Recovery Environment — WinRE — the built-in pre-OS troubleshooting framework that exists specifically to repair unbootable Windows systems.

The attack chain involves placing specially crafted "FsTx" files on either a USB drive or the EFI partition, connecting that USB drive to a target Windows machine with BitLocker enabled, rebooting into WinRE, and then holding the CTRL key to trigger a shell. The result is a command prompt with BitLocker unlocked rather than the expected recovery interface.

Security researcher Will Dormann independently reproduced the attack, confirming: "it looks like Transactional NTFS bits on a USB Drive are able to delete the winpeshl.ini file on ANOTHER DRIVE (X:). And we get a cmd.exe prompt, with BitLocker unlocked instead of the expected Windows Recovery environment."

Dormann highlighted a secondary concern with potentially broader implications: "While the TPM-only BitLocker bypass is indeed interesting, I think the buried lede here is that a \System Volume Information\FsTx directory on one volume has the ability to modify the contents of another volume when it is replayed. To me, this in and of itself sounds like a vulnerability."

The researcher was explicit that TPM+PIN protection does not prevent exploitation: "Second thing is, no, TPM+PIN does not help, the issue is still exploitable regardless." Physical access to the target machine is required. The vulnerability is present only in the WinRE environment, meaning it does not expose an attack surface on normally running systems — but it fundamentally undermines the security model that BitLocker is designed to enforce at the hardware layer.

GreenPlasma: Windows CTFMON Arbitrary Section Creation

GreenPlasma targets the Windows Collaborative Translation Framework and its associated monitor process, CTFMON. The flaw is described as a Windows CTFMON arbitrary section creation vulnerability: an unprivileged user can create arbitrary memory section objects inside directory objects that are writable by SYSTEM.

The practical consequence is that an attacker operating as a standard user — who normally cannot write to the locations where privileged services and drivers look for memory sections — can place attacker-controlled sections in paths that SYSTEM-level processes may implicitly trust. This enables manipulation of those privileged processes through section objects they were not expecting to find there.

The released proof-of-concept is deliberately incomplete. In its current form, it demonstrates the section creation primitive but does not contain the full exploit chain required to obtain a SYSTEM shell. Chaotic Eclipse confirmed this directly, leaving the remainder of the exploit as an exercise — or a signal that a more complete version exists and may be released later.

BitLocker Downgrade Attack via CVE-2025-48804

The disclosure arrives alongside a separate technical analysis from French firm Intrinsec detailing a distinct BitLocker attack chain that weaponizes CVE-2025-48804, a boot manager vulnerability with a CVSS score of 6.8. Microsoft patched this specific issue in July 2025.

The attack works by exploiting how the Windows boot manager handles System Deployment Image (SDI) files and the WIM references they contain. The boot manager verifies the integrity of a legitimate WIM but fails to detect a second WIM injected into the SDI with a modified blob table. While it is checking the first WIM, it boots from the second — an attacker-controlled WIM containing a WinRE image infected with cmd.exe. The result is that the BitLocker volume is decrypted and the attacker's code runs.

The patched version of the boot manager blocks this approach. The problem is that Secure Boot authenticates a binary's signing certificate, not its version. A vulnerable version of bootmgfw.efi signed with the trusted PCA 2011 certificate can be loaded without triggering any alert, even though it does not contain the July 2025 fix. Microsoft plans to retire the PCA 2011 certificates next month, but until the vulnerable signed binary is actively revoked, any attacker with physical access can load it deliberately as part of a downgrade attack.

Security researcher Cassius Garat summarized the architectural problem: "And as long as it is not revoked, even an old, vulnerable boot manager can be loaded without triggering an alert." To execute this attack, physical access to the target machine is required.

Risk level

High

Both YellowKey and GreenPlasma require physical access (YellowKey) or local unprivileged access (GreenPlasma) to exploit. Neither is remotely triggerable from a clean external position, which prevents these from reaching Critical severity. YellowKey's BitLocker bypass is nevertheless a significant threat model violation: BitLocker exists precisely to protect data on a device when an adversary has physical access. A bypass that works regardless of TPM+PIN configuration and operates through a built-in Windows subsystem is not a minor edge case — it is a direct compromise of the protection model that encrypted drives are supposed to provide.

GreenPlasma's incomplete PoC is a temporary limitation, not a permanent one. The section creation primitive itself is demonstrated and functional. A researcher or threat actor with sufficient motivation can complete the exploit chain. Microsoft's track record with the previous Defender disclosures from this same researcher — where BlueHammer was patched formally, RedSun was addressed silently, and the remaining flaws were actively exploited — suggests these vulnerabilities will receive attention. The question is timing.

The CVE-2025-48804 downgrade vector adds a third distinct attack path to the BitLocker threat model and is relevant for any organization that has not explicitly migrated its boot manager to the CA 2023 certificate and revoked the PCA 2011-signed binaries.

What to do

Neither YellowKey nor GreenPlasma has a vendor patch available from Microsoft. Until patches arrive:

  1. For YellowKey: The primary control is physical access restriction to Windows 11 and Server 2022/2025 machines. A physically controlled machine cannot have a USB drive inserted to stage the FsTx files. For high-value endpoints, evaluate whether WinRE can be disabled or access to the recovery environment can be gated more restrictively.

  2. For GreenPlasma: Monitor vendor advisories for a patch and track the researcher's disclosures for any update to the PoC's completeness. Audit your exposure to CTFMON-related processes on sensitive endpoints.

  3. For the CVE-2025-48804 BitLocker downgrade issue: Enable a BitLocker PIN at startup to enforce preboot authentication — this adds a layer that the boot manager substitution alone cannot bypass. Migrate the boot manager to the CA 2023 certificate. Actively revoke the PCA 2011-signed boot manager binary once Microsoft retires those certificates next month.

  4. Track whether the remaining unpatched Defender zero-days (UnDefend and any future releases from this researcher) are being actively exploited in your threat environment and maintain detection logic for their known behavioral signatures.
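As an added example (not code from the advisory, the researchers or Microsoft), the following PowerShell audit checks a single host for the controls items 1 and 3 call for: BitLocker protector types, Secure Boot certificate migration state, and WinRE status. It assumes an elevated session on Windows 11 / Server 2022+ with the BitLocker and SecureBoot modules present; the db/dbx substring matching follows Microsoft's documented check for the CA 2023 rollout, and the status labels are this example's own.

```powershell
# Added example, not from the advisory: audit one host for the controls in items 1 and 3.
# Assumes an elevated PowerShell session on Windows 11 / Server 2022+ with the BitLocker
# and SecureBoot modules available and reagentc.exe on PATH.

function Get-BitLockerPostureReport {
    $findings = @()

    # 1. Protector types per volume. A preboot PIN (TpmPin / TpmPinStartupKey) is the
    #    mitigation item 3 recommends against the CVE-2025-48804 downgrade chain.
    #    Per the advisory it does NOT stop YellowKey, so it is reported, not treated as a fix.
    foreach ($vol in Get-BitLockerVolume) {
        $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
        if ($vol.ProtectionStatus -ne 'On') { $status = 'WARN: protection off' }
        elseif ($hasPin)                    { $status = 'OK: TPM+PIN' }
        else { $status = 'WARN: no preboot PIN (' + ($types -join ',') + ')' }
        $findings += [pscustomobject]@{ Check = "BitLocker $($vol.MountPoint)"; Status = $status }
    }

    # 2. Secure Boot and certificate migration. The 'Windows UEFI CA 2023' cert must be in
    #    db, and 'Microsoft Windows Production PCA 2011' belongs in dbx once retired;
    #    until then a PCA 2011-signed vulnerable bootmgfw.efi still loads.
    $sbOn = $false
    try { $sbOn = Confirm-SecureBootUEFI } catch { }
    $findings += [pscustomobject]@{ Check = 'Secure Boot'; Status = $(if ($sbOn) { 'OK: enabled' } else { 'WARN: disabled or unsupported' }) }
    if ($sbOn) {
        $db  = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
        $dbx = [Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name dbx).Bytes)
        $ca2023  = if ($db  -match 'Windows UEFI CA 2023') { 'OK: present' } else { 'WARN: not migrated' }
        $pca2011 = if ($dbx -match 'Microsoft Windows Production PCA 2011') { 'OK: revoked' } else { 'INFO: not yet revoked' }
        $findings += [pscustomobject]@{ Check = 'CA 2023 in db';   Status = $ca2023 }
        $findings += [pscustomobject]@{ Check = 'PCA 2011 in dbx'; Status = $pca2011 }
    }

    # 3. WinRE state, YellowKey's attack surface. reagentc prints "Windows RE status: Enabled|Disabled".
    $re = (& reagentc.exe /info 2>&1) -join "`n"
    if     ($re -match 'Windows RE status:\s+Enabled')  { $status = 'INFO: enabled (item 1: evaluate disabling on high-value hosts)' }
    elseif ($re -match 'Windows RE status:\s+Disabled') { $status = 'OK: disabled' }
    else                                                { $status = 'UNKNOWN: run elevated' }
    $findings += [pscustomobject]@{ Check = 'WinRE'; Status = $status }

    $findings
}

Get-BitLockerPostureReport | Format-Table -AutoSize
```

Run it across a fleet through your existing remote-execution tooling and treat any WARN row on a BitLocker-protected endpoint as an item to track until the Microsoft patches land.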

Analysis

The dynamic between Chaotic Eclipse and Microsoft has become one of the more uncomfortable public disclosure standoffs the security community has seen in recent years. The researcher's position is that Microsoft failed to handle the earlier disclosures responsibly — patching some without acknowledgment, leaving others unaddressed — and that the continued public release of zero-days is a direct consequence of that handling. Microsoft maintains its standard coordinated disclosure policy as the correct process. Neither position is straightforwardly wrong, which is part of what makes this particular situation difficult to resolve.

The practical consequence for defenders is that an active, motivated researcher is releasing working zero-day exploit code for Windows on a cadence driven by a personal dispute rather than a fixed disclosure timeline. The previous set of disclosures — BlueHammer, RedSun, UnDefend — moved from public PoC to active exploitation in the wild. The pattern is established. YellowKey and GreenPlasma should be treated as if active exploitation is a real near-term possibility, not a theoretical one.

YellowKey's specific attack surface is worth examining carefully from a threat modeling perspective. WinRE is a trusted subsystem. It is precisely the component that an administrator would use when trying to recover a compromised or malfunctioning system. A vulnerability in that environment that undermines BitLocker is particularly insidious because it targets the exact recovery scenario where full-disk encryption is meant to serve as the last protective layer. The fact that TPM+PIN — generally regarded as a stronger BitLocker configuration than TPM-only — does not prevent exploitation makes this worse.

Dormann's observation about cross-volume modification deserves to be treated as a separate research lead rather than a footnote. If Transactional NTFS bits on one volume can delete or modify files on another volume when WinRE replays them, the attack surface extends well beyond the specific WinRE shell trigger that Chaotic Eclipse demonstrated. That interaction may expose further exploitable conditions that have not yet been mapped.

The broader picture here — YellowKey, GreenPlasma, the CVE-2025-48804 downgrade chain, and the promise of more to come at June Patch Tuesday — represents a concentrated period of Windows security pressure with several unresolved exposure windows running simultaneously.