‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
Summary
A zero-day exploit named 'GreatXML' has been reported that bypasses BitLocker drive encryption. It leverages a vulnerability in Microsoft Defender's offline scan to obtain a SYSTEM shell while the machine reboots into Recovery Mode, at which point the encrypted volume's contents are accessible to the attacker.
IFF Assessment
This exploit directly undermines a critical security control, BitLocker, leaving data on encrypted drives readable by anyone who can run it.
Severity
An attacker with physical access to the machine, or with the ability to trigger a reboot into Recovery Mode, can bypass the encryption and obtain SYSTEM privileges. This is a high-severity threat.
Defender Context
Because the exploit targets BitLocker itself, defenders should apply Microsoft's fix promptly once it is released, and in the meantime monitor for unexpected restarts and for boots into Recovery Mode, including Defender offline scans that no administrator scheduled. Physical access to endpoints and social-engineering attempts that lead a user to reboot into recovery are both plausible delivery paths and should be treated as such.
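As an added example that is not part of the original summary, the following PowerShell script gathers the evidence a defender would want when triaging this report on an endpoint: which key protectors guard each BitLocker volume (a TPM-only protector releases the OS volume key with no user interaction at boot, whereas TPM+PIN or TPM+startup-key protectors require pre-boot authentication; the summary does not say whether pre-boot authentication blocks this particular exploit, so treat that as a general hardening check rather than a confirmed mitigation), recent restart and boot events, whether the Windows Recovery Environment is enabled, and whether a Defender offline scan was launched from PowerShell. It assumes an elevated session on Windows with the BitLocker and Defender modules present; the function names are this example's own.

```powershell
# Added example, not code from the original summary. Assumes an elevated
# PowerShell session on Windows with the BitLocker module available.

function Get-BitLockerProtectorSummary {
    # TPM-only protectors unlock the OS volume automatically at boot;
    # TPM+PIN and TPM+startup-key protectors require pre-boot authentication.
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            KeyProtectors    = ($types -join ', ')
            PreBootAuth      = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })
        }
    }
}

function Get-RecentRestartEvents {
    # System log: 1074 = a process requested shutdown/restart (records process,
    # user and reason); 12 = Kernel-General "operating system started".
    param([int]$Days = 7)
    $filter = @{ LogName = 'System'; Id = 1074, 12; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName,
            @{ Name = 'Detail'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

function Get-WinReStatus {
    # reagentc /info prints 'Windows RE status' and 'Windows RE location' lines.
    & reagentc.exe /info | Where-Object { $_ -match 'Windows RE (status|location)' }
}

function Get-OfflineScanInvocations {
    # Start-MpWDOScan (Defender module) reboots the machine into an offline scan.
    # With PowerShell script block logging enabled, each invocation is recorded
    # as event 4104 in Microsoft-Windows-PowerShell/Operational.
    param([int]$Days = 7)
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'Start-MpWDOScan' } |
        Select-Object TimeCreated, @{ Name = 'ScriptBlock'; Expression = { $_.Message } }
}

Get-BitLockerProtectorSummary | Format-Table -AutoSize
Get-RecentRestartEvents       | Format-Table -AutoSize
Get-WinReStatus
Get-OfflineScanInvocations    | Format-List
```

Run it on a sample of endpoints and compare the restart events against change records: a 1074 entry whose process or user does not match a known maintenance window, or a 4104 entry showing Start-MpWDOScan from an account that does not administer Defender, is the "unusual recovery mode activity" the summary tells defenders to watch for. The 4104 check only yields results where script block logging is turned on, and an offline scan started from the Windows Security UI rather than PowerShell will not appear in that log.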