
Microsoft Patches Critical Zero-Day Privilege Escalation and BitLocker Bypass Vulnerabilities (YellowKey, GreenPlasma, MiniPlasma)

Microsoft released June 2026 patches for three zero‑day flaws—GreenPlasma, MiniPlasma and YellowKey—that allow local attackers to obtain SYSTEM rights or bypass BitLocker encryption. The vulnerabilities affect all Windows 11 and Windows Server 2022/2025 deployments, making rapid patching essential for third‑party risk management.

LiveThreat™ Intelligence · June 10, 2026 · bleepingcomputer.com

Severity: Critical · Type: Vulnerability · Confidence: High · Affected: 3 sector(s) · Actions: 4 recommended


What Happened — Microsoft's June 2026 Patch Tuesday updates fix three zero‑day vulnerabilities. GreenPlasma (CVE‑2026‑45586) and MiniPlasma (CVE‑2020‑17103) grant local attackers SYSTEM privileges on fully patched Windows machines. YellowKey (CVE‑2026‑45585) is a backdoor in WinRE that lets an attacker with physical access bypass BitLocker on Windows 11 and Windows Server 2022/2025. The flaws were disclosed by the “Nightmare Eclipse” researcher after a dispute with Microsoft’s disclosure process.

Why It Matters for TPRM

  • Critical LPE bugs can be weaponised by threat actors to install ransomware or exfiltrate data even on fully patched endpoints.
  • YellowKey enables direct access to encrypted drives, undermining data‑at‑rest protection strategies.
  • The public proof‑of‑concepts increase the likelihood of rapid exploitation across any organization still running unpatched Windows versions.

Who Is Affected — All enterprises, government agencies, and service providers that run Windows 11, Windows Server 2022 or 2025, including MSPs and cloud‑hosted workloads that rely on these OS images.

Recommended Actions

  • Deploy the June 2026 cumulative update to all Windows endpoints immediately.
  • Verify that BitLocker recovery keys are stored securely and enforce strict physical‑access controls for laptops and servers.
  • Monitor for known YellowKey exploitation indicators (e.g., unexpected WinRE launches, abnormal BitLocker unlock attempts).
  • Review internal vulnerability‑management policies to ensure coordinated disclosure with vendors.

Technical Notes

  • Attack vectors: Local privilege escalation via the Collaborative Translation Framework (CTFMON) and Cloud Files Mini Filter Driver; physical‑access backdoor in WinRE.
  • CVEs: CVE‑2026‑45586 (GreenPlasma), CVE‑2020‑17103 (MiniPlasma), CVE‑2026‑45585 (YellowKey).
  • Data at risk: Encrypted files protected by BitLocker, system‑level credentials, and any data accessible after gaining SYSTEM rights.

Source: BleepingComputer

📰 Original Source
https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.
