Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
Summary
A security researcher has publicly disclosed two previously unknown Windows zero-day vulnerabilities. YellowKey is a BitLocker bypass that requires physical access, while GreenPlasma allows privilege escalation to the System level.
IFF Assessment
The disclosure of zero-day vulnerabilities that allow for BitLocker bypass and privilege escalation presents a significant threat to defenders.
Severity
The vulnerabilities allow for privilege escalation to System and bypass of BitLocker encryption, both of which have critical impacts on confidentiality, integrity, and availability. The ease of exploitation (especially for GreenPlasma) and the direct impact on core Windows security features justify a high score.
Defender Context
The public disclosure of these zero-days, YellowKey and GreenPlasma, means that attackers could exploit these flaws in Windows environments. Defenders should prioritize patching or implementing mitigations for BitLocker and privilege escalation mechanisms as soon as official fixes become available.