On May 12, 2026, the day after the May Patch Tuesday, two zero-day vulnerabilities affecting Microsoft Windows were publicly disclosed without prior coordination with the vendor. The first, named YellowKey, enables a complete bypass of BitLocker volume encryption on Windows 11, Windows Server 2022 and Windows Server 2025 (1)(2). The second, GreenPlasma, is a local privilege escalation to SYSTEM that exploits the CTFMON process (3)(4). No CVE identifier has been assigned. No vendor patch is available. Functional proof-of-concept code has been publicly accessible on GitHub since disclosure.

The event goes beyond the usual scope of vulnerability analysis for two reasons. On one hand, YellowKey calls into question the real robustness of a security mechanism considered foundational in the Windows landscape for over a decade: the promise that volume encryption protects data against unauthorized physical access. On the other hand, these disclosures are part of a broader campaign conducted by a researcher operating under the aliases Chaotic Eclipse and Nightmare-Eclipse, whose stated motivation is to denounce the practices of the Microsoft Security Response Center. This dimension turns the case into a textbook example of trust breakdown within the responsible disclosure ecosystem.

To grasp the scope of the YellowKey and GreenPlasma disclosures, they must be placed within the timeline of a campaign that began in April 2026. The researcher, whose publications suggest possible former Microsoft employment (5), operates under two aliases: Chaotic Eclipse for analyses published on the deadeclipse666 blog (6), and Nightmare-Eclipse for code repositories on GitHub. The first publication, dated April 2, 2026, disclosed BlueHammer, a privilege escalation via Windows Defender. Microsoft subsequently assigned this vulnerability the identifier CVE-2026-33825 and released a patch at the April Patch Tuesday (5)(7). According to the researcher, in-the-wild exploitation of BlueHammer began four days before patch publication.

On April 15, 2026, the researcher published a second Defender exploit, RedSun. The following month, in a PGP-signed publication, the researcher claims Microsoft silently patched RedSun without publishing an MSRC advisory, without assigning a CVE, and without public communication despite active exploitation. This silent patching practice forms the core of the grievance against the vendor.

A third Defender vulnerability, UnDefend, completes the initial trilogy. The motivation stated by Chaotic Eclipse is a breach of trust. According to the researcher’s own writings, several prior vulnerability reports were allegedly rejected by MSRC on grounds of insufficient severity, before being silently fixed internally without retribution or public attribution. It is this dual practice, combining initial minimization with quiet exploitation of findings, that justifies the shift to uncoordinated public disclosure.

The researcher claims to maintain a dead man switch containing other exploits ready for publication, and has explicitly announced a new disclosure for the June 2026 Patch Tuesday (1)(2). These two vulnerabilities are not isolated discoveries: they are part of a pressure-based communication strategy in which each disclosure constitutes an act of escalation calibrated to maximize vendor embarrassment while raising the operational cost of MSRC’s posture.

YellowKey is described by its author as the most striking discovery of his career, and he openly raises the possibility that it could be a backdoor (2)(8). To assess this characterization, the mechanism must be examined with rigor.

BitLocker has been the volume encryption solution built into Windows since Windows Vista. On modern configurations, particularly on Windows 11 where it is enabled by default on compatible machines, BitLocker relies on the Trusted Platform Module (TPM) for key sealing. The canonical threat model is the following: an attacker with physical access to the machine, or who has stolen a hard drive, cannot access data without the recovery key, without the PIN if configured, and without the cryptographic attestation from the original TPM.

YellowKey breaks this model. The attack sequence, documented by the researcher and independently reproduced by Will Dormann, Kevin Beaumont, KevTheHermit and JaGoTu (1)(7), is as follows:

1. The attacker prepares a USB drive on which a directory named FsTx is created inside the System Volume Information folder.
2. Specially formatted files exploiting Transactional NTFS bits are placed in this directory.
3. The USB drive is connected to the target machine and the system is rebooted into the Windows Recovery Environment (WinRE).
4. The CTRL key is held during boot.
5. Instead of the expected recovery interface, the system opens directly into a cmd.exe shell with full and decrypted access to the BitLocker volume.

No recovery key is requested. No unlock sequence is visibly executed. No authentication appears in the flow. More troubling still, files placed on the USB drive are automatically deleted after execution, which significantly limits available forensic artifacts in a post-incident analysis (8).

YellowKey affects Windows 11 as well as Windows Server 2022 and Windows Server 2025. According to public testing, Windows 10 is not affected (2). The researcher specifies that a variant exists allowing the same target to be attacked without an external USB drive, by placing the files directly on the EFI partition of the target disk, although this variant is less reproducible according to independent tests (1).

On May 13, 2026, in a second PGP-signed publication on deadeclipse666, the researcher provides a particularly concerning detail: the vulnerability remains exploitable on BitLocker configurations combining TPM and PIN, which were until now considered the reference defense against physical access attacks.

The proof-of-concept for this variant has not been published, which leaves uncertainty regarding the exact nature of the bypass.

GreenPlasma, disclosed simultaneously with YellowKey, presents a different technical profile. It is a local privilege escalation to SYSTEM targeting the CTFMON process, namely ctfmon.exe, a component of the Collaborative Translation Framework responsible for advanced text input functions (3)(9). This process has the particularity of running as SYSTEM in every interactive Windows session, making it a privileged target for elevation attacks.

The researcher describes the vulnerability as a Windows CTFMON Arbitrary Section Creation Elevation of Privileges Vulnerability (3). The exploitation mechanism, analyzed in detail by Het Mehta (4), relies on the ability of an unprivileged user to create an arbitrary memory section object inside a directory object writable by SYSTEM, within the Windows Object Manager namespace. The manipulation combines several registry tricks and permission handling techniques to lure CTFMON into interacting with a memory section it considers legitimate. The attacker thus gains control of a trusted memory area, into which shellcode or a malicious DLL can be injected.

The proof-of-concept published on the Nightmare-Eclipse/GreenPlasma GitHub repository is intentionally incomplete (3). The researcher has removed the final piece of the puzzle, the one that would yield a full SYSTEM shell, presenting the disclosure as a capture-the-flag for the community. In its current state, the PoC triggers a UAC prompt and requires additional weaponization to become fully silent.

GreenPlasma is confirmed functional on Windows 11, Windows Server 2022 and Windows Server 2026 (10). Its operational impact is asymmetric compared to YellowKey.

The most troubling element of the YellowKey case is an observation made by Chaotic Eclipse and picked up by several commentators: the component responsible for the bypass exists only in the WinRE image, and nowhere else, including on the Internet (9). Stranger still, a component bearing exactly the same name exists in a standard Windows installation, but does not contain the functionalities that trigger the BitLocker bypass. This asymmetry fuels the hypothesis of an undocumented recovery feature, intentionally present in WinRE to enable unlocking in technical support or advanced recovery scenarios, and never removed.

This hypothesis deserves to be examined without complacency, but also without dramatization. Several objective elements feed the suspicion. The exclusivity of the component to the WinRE image is unusual for a standard logic bug, which would normally result from an implementation error reproduced throughout the source code. The auto-deletion of artifacts on the USB drive after execution looks like behavior deliberately designed to limit traces, rather than a side effect. The very operation of the exploit, which opens a shell with direct volume access without a visible authentication step, evokes more an integrated bypass path than an emergent effect of combined bugs.

Conversely, several arguments favor a more prosaic explanation. Will Dormann’s analysis demonstrates that the underlying mechanism is compatible with a flaw in NTFS transactional replay handling, a complex subsystem historically prone to subtle behaviors. The ability to modify the contents of a volume from a directory located on another volume, via Transactional NTFS bits, may result from an incorrect implicit assumption regarding the isolation of transactional contexts. In this reading, the BitLocker bypass is a side effect of a deep logic bug, not a designed feature. This interpretation is supported by the existence, in Windows recent history, of structurally comparable vulnerabilities, such as the one that affected bootmgfw.efi signed with the PCA 2011 certificate and corrected in July 2025 (10).

In the absence of a vendor patch, organizations must assess their exposure and deploy available mitigations. Risk assessment must distinguish between two attack profiles.

YellowKey requires prior physical access to the target machine. Particularly exposed are professional laptop fleets, mobility workstations, mini-PCs deployed in uncontrolled environments, as well as Windows servers located in premises with shared or weakly supervised physical access. The concrete risk is that of targeted theft: a laptop stolen from a hotel room, a workstation left unattended in a shared open space, a hard drive extracted from end-of-life IT inventory without proper destruction procedures.

GreenPlasma fits a different threat model. The vulnerability requires prior unprivileged local access, which presupposes initial compromise by other means. Its impact manifests in the post-exploitation phase, where it facilitates escalation to SYSTEM, a classic prerequisite for lateral movement and persistent payload deployment.

YellowKey mitigations

• Strengthening physical protection of exposed terminals. Sealing of chassis, secure destruction procedures for end-of-life media, user awareness for mobile profiles.
• Systematic activation of BitLocker PIN at startup. Protection is not guaranteed according to the researcher, but it significantly raises the entry bar.
• Restriction or controlled disabling of the Windows Recovery Environment via reagentc, when an alternative recovery strategy is in place.
• Early migration to the CA 2023 certificate and revocation of PCA 2011, whose retirement is scheduled by Microsoft for June 2026.

GreenPlasma mitigations

• Behavioral detection at the EDR level on suspicious section object creations in the Windows Object Manager namespace.
• Monitoring of registry manipulations related to CTFMON and the Collaborative Translation Framework.
• Strict application of the principle of least privilege on user accounts.
• Standard Windows hardening and disabling of unnecessary CTF features.

To these technical mitigations must be added an organizational dimension often underestimated. Given the substantial media coverage of the case, general management and users of exposed organizations will formulate requests for clarification to security teams. Preparing factual internal communication, calibrated and aligned with the publicly available elements, helps avoid improvised reactions under media pressure.

The YellowKey and GreenPlasma case goes, by its nature and its ramifications, beyond the simple register of vulnerability analysis. It reveals three fault lines that deserve to be named.

First fracture, between Microsoft and part of the security researcher community. The practice of silent patching, long denounced by responsible disclosure stakeholders, today produces concrete operational effects: a cycle of uncoordinated public disclosures, calibrated to the Patch Tuesday rhythm, which turns every month into a security tension moment for Windows administrators. Whether Chaotic Eclipse’s stated motivation is legitimate or not, the fact that the strategy produces visible operational results at apparently low personal cost suggests that other actors could adopt the same posture if the vendor does not adjust its patch communication policy.

Second fracture, between the advertised security promise of volume encryption and the reality of its exposure. BitLocker benefits from a reputation for robustness built over two decades of marketing discourse and positioning as a trusted foundation for enterprise fleets. The YellowKey case does not destroy this robustness, but it reveals its conditional fragility: encryption security depends not only on the strength of the algorithm and TPM sealing, but also on the integrity of all Windows components that may interact with the decrypted volume, in particular the Windows Recovery Environment. This attack surface, vast and poorly mapped, must now enter the threat models of organizations relying on BitLocker.

Third fracture, deeper, between the actual complexity of modern Windows systems and the ability of their publishers to guarantee complete auditing. The WinRE component responsible for YellowKey, whether a logic bug or an undocumented feature, remained unnoticed for an indeterminate duration. Its late discovery questions the quality of internal audits, the effectiveness of bug bounty programs, and the robustness of code review processes for historical components of an operating system that aggregates decades of software layers. This question concerns not only Microsoft: it applies to all publishers maintaining mature operating systems, whose complexity has long since exceeded the exhaustive analysis capability of a human team.

The announcement by Chaotic Eclipse of a new disclosure for the June 2026 Patch Tuesday must be taken seriously. According to the researcher’s own track record, no announcement has ever been missed. The coming weeks will tell whether Microsoft chooses to modify its communication doctrine, whether the researcher community hardens or loosens its pressure, and whether the Windows chain of trust withstands this test without structural concession. Whatever the outcome, the YellowKey case will have constituted a documented turning point in the recent history of consumer operating system security.