Three New Windows Zero-Days, One Angry Researcher, and a Six-Year-Old Bug That Never Really Died
Update (May 20, 2026): Microsoft has assigned CVE-2026-45585 to YellowKey and issued official mitigation guidance. This article has been updated to reflect the latest developments. GreenPlasma and MiniPlasma remain unpatched with no CVEs assigned.
Imagine someone walking up to your locked laptop, plugging in a USB stick, and walking away with every file on your encrypted hard drive. No password. No decryption key. No brute force. Just — gone.
That’s not a hypothetical. That’s YellowKey, one of three unpatched Windows zero-day exploits dropped in May 2026 by a pseudonymous security researcher known as Chaotic Eclipse (also going by Nightmare Eclipse). And it gets worse: one of the three targets a bug Microsoft claimed to have fixed more than five years ago.
Let’s break it all down.
Who Is Chaotic Eclipse?
Nobody knows the real identity behind the handle. What we do know is that Chaotic Eclipse has been on a relentless six-week campaign of publicly disclosing Windows zero-days — each one dropping shortly after Microsoft’s monthly Patch Tuesday, like clockwork, as if to say: You patched what you found. Here’s what you missed.
Before YellowKey, GreenPlasma, and MiniPlasma, this same researcher had already disclosed:
- BlueHammer — a zero-day exploit (details vary by source, but it caused significant concern)
- RedSun — a local elevation of privilege (EoP) exploit
- UnDefend — a denial-of-service attack targeting Windows Defender itself
Each exploit came with a working proof-of-concept (PoC) published on GitHub, sometimes including compiled binaries — meaning anyone with basic technical skills could download and run them. This isn’t theoretical vulnerability research sitting in an academic paper. This is weaponized.
As for motive? Chaotic Eclipse has been clear: frustration with Microsoft’s Security Response Center (MSRC). The researcher claims Microsoft’s handling of vulnerability reports has been inadequate — slow responses, incomplete fixes, and what they perceive as a lack of urgency. Publishing working exploits publicly is the nuclear option in the vulnerability disclosure debate: it forces Microsoft’s hand by making the risk real and immediate.
YellowKey: The BitLocker Bypass That Shouldn’t Exist
Let’s start with the scariest one.
YellowKey is a full disk encryption bypass targeting Windows BitLocker. And it’s exactly as bad as it sounds.
What it does
YellowKey completely bypasses BitLocker drive encryption, giving an attacker with physical access to a machine full read access to the encrypted volume — without needing the BitLocker recovery key, without needing the user’s password, without breaking any cryptography.
How it works (in plain English)
- The attacker needs physical access to the target computer — think a stolen laptop, an unattended workstation, or a kiosk machine.
- They place a specially crafted folder called FsTx on a USB drive or in the EFI partition.
- They boot the machine into the Windows Recovery Environment (WinRE) — something you can do by holding Shift and clicking Restart. This is a built-in feature on every Windows machine.
- Here’s where it gets nasty: a flawed recovery process in WinRE hands the attacker a command prompt with full access to the encrypted drive.
- They can now browse, copy, or exfiltrate any file. No decryption needed. No key needed. Nothing.
There’s one important caveat: this only works if BitLocker is configured in TPM-only mode — meaning the encryption unlocks automatically when the device boots, without requiring a separate PIN or USB key. And here’s the uncomfortable truth: TPM-only mode is the default configuration for most Windows deployments.
What’s affected
- Windows 11
- Windows Server 2022
- Windows Server 2025
Not affected: Windows 10.
Current status
Mitigation available, but no full patch yet. Microsoft has now assigned CVE-2026-45585 (CVSS 6.8) to YellowKey and issued official mitigation guidance — but a complete patch is still pending. The PoC remains publicly available.
Microsoft’s recommended mitigation involves two steps:
- Remove autofstx.exe from WinRE’s BootExecute registry value — this closes the specific recovery path that YellowKey exploits to gain shell access through WinRE.
- Switch BitLocker from TPM-only to TPM+PIN — requiring a PIN at boot adds an additional authentication factor that makes the WinRE bypass harder to exploit.
Important caveat: Some security researchers have noted that TPM+PIN may not be a complete solution on its own. The mitigation should be treated as a layered control — apply both steps together for the best protection, but understand that this is a workaround, not a definitive fix. A full patch from Microsoft is still needed.
Why it matters
BitLocker is supposed to be the last line of defense for data at rest. If someone steals your laptop, BitLocker is the thing standing between them and your company’s financial records, your clients’ personal data, or your proprietary source code. YellowKey removes that barrier entirely for the default configuration that most organizations are running.
This is especially dangerous for: laptops left in cars or hotel rooms, shared workstations in open-plan offices, branch office machines, kiosks and point-of-sale terminals, and any device using default BitLocker settings.

GreenPlasma: Slipping a Fake ID Past the Bouncer
If YellowKey is the blunt instrument, GreenPlasma is the subtle con.
What it does
GreenPlasma is a local privilege escalation (LPE) exploit. That means an attacker who already has some level of access to a Windows machine — say, through a phishing email or a malicious download — can use GreenPlasma to elevate their privileges from a regular user all the way up to SYSTEM, the highest privilege level in Windows. Think of SYSTEM as the master key to the entire operating system.
How it works (in plain English)
- There’s a Windows component called ctfmon.exe (Collaborative Translation Framework Monitor). It handles text input features — language bars, handwriting recognition, that sort of thing. It runs in practically every Windows session, and it runs as SYSTEM.
- GreenPlasma manipulates Windows registry settings and Object Manager permissions — the internal plumbing that controls which processes can access what.
- It plants a malicious memory object in a location that only SYSTEM should be able to write to.
- When ctfmon.exe naturally interacts with this planted object, the exploit triggers — and gives the attacker SYSTEM-level access.
Think of it like slipping a fake VIP badge into the stack at the door of an exclusive club. The bouncer — ctfmon.exe — picks it up, checks it, and waves you right through into the VIP room. Except the VIP room is full control of the operating system.
What’s affected
- Windows 11
- Windows Server 2022
- Windows Server 2026
Current status
Unpatched. No CVE assigned. No fix. The public PoC is partial — it currently triggers a UAC (User Account Control) prompt, meaning it’s not fully weaponized in its public form. But security researchers note that bypassing UAC is a well-understood problem, and a fully silent version is entirely possible.
Why it matters
GreenPlasma turns any initial compromise into full system takeover. That phishing email that an employee clicked? The malicious browser extension? The trojanized software download? With GreenPlasma, any of those footholds can be escalated to complete control of the machine.
This is particularly dangerous on multi-user systems, shared workstations, terminal servers, and any environment where users don’t have local admin rights (which, ironically, is supposed to be the safer configuration — GreenPlasma bypasses that entirely).
MiniPlasma: The Ghost of CVE-2020-17103
And now we get to the one that should make everyone at Microsoft very uncomfortable.
MiniPlasma is a local privilege escalation exploit — same end result as GreenPlasma, taking a regular user to SYSTEM. But the story behind it is what makes it extraordinary.
What it does
MiniPlasma exploits a race condition (a timing bug) in cldflt.sys, the Cloud Files Mini Filter Driver — a Windows component that manages files synced through OneDrive and similar cloud services. The exploit works on fully patched Windows 11, including systems running the May 2026 cumulative updates. The PoC is fully weaponized and publicly available with compiled binaries.
How it works (in plain English)
- cldflt.sys handles “placeholder” files — those OneDrive files that appear in your folder but are actually stored in the cloud until you open them.
- There’s a tiny timing window — a race condition — in how the driver checks permissions when handling these placeholder files.
- MiniPlasma exploits this split-second window to manipulate access checks and create privileged objects it shouldn’t be able to create.
- The result: a command prompt running as SYSTEM. Full control.
The shocking part: this was “fixed” in 2020
Here’s where the story takes a turn. This isn’t a new bug. This is essentially the same vulnerability that Google Project Zero researcher James Forshaw reported to Microsoft in September 2020. Microsoft assigned it CVE-2020-17103 and shipped a patch in the December 2020 Patch Tuesday.
Except — and this is the critical part — Chaotic Eclipse’s MiniPlasma PoC proves that the patch either didn’t fully address the underlying issue, or something in subsequent Windows updates re-introduced the vulnerability. Either way, a bug that Microsoft told the world was fixed over five years ago still works today on fully updated systems.
Independent verification
This isn’t just Chaotic Eclipse’s word against Microsoft’s. Security researcher Will Dormann has independently confirmed that MiniPlasma works reliably on fully patched Windows 11 systems with the May 2026 cumulative updates installed. This is verified. This is real.
Interestingly, MiniPlasma does not work on the latest Windows 11 Insider Canary builds — suggesting Microsoft may already be testing a fix. But Canary builds are experimental, and there’s no timeline for when (or if) that fix will reach regular users.
Current status
Unpatched on stable Windows. The original CVE-2020-17103 was supposedly resolved. No new CVE has been assigned for the current variant. The PoC is fully weaponized and publicly available. Microsoft’s official position is that they’re “investigating.”
Why it matters
A six-year-old bug that was “fixed” is still exploitable. The PoC works on the latest, most updated version of Windows. Anyone can download it from GitHub. This raises fundamental questions about the thoroughness of Microsoft’s patching process and whether “fixed” always means actually fixed.

Microsoft’s Response: Aware and Investigating
Microsoft’s response to the three zero-days has been evolving.
The company initially acknowledged it was “aware of the purported vulnerabilities and actively investigating” and reiterated support for “coordinated vulnerability disclosure.”
Since our initial reporting, there’s been a development: Microsoft has now assigned CVE-2026-45585 to YellowKey and issued official mitigation guidance (detailed in the YellowKey section above). However, a full patch is still not available.
Here’s where things stand across all three exploits:
- YellowKey — CVE-2026-45585 assigned. Mitigation guidance issued. No full patch yet.
- GreenPlasma — No CVE assigned. No patch. No official mitigation.
- MiniPlasma — Original CVE-2020-17103 was supposedly resolved in 2020, but the exploit still works. No new CVE assigned for the current variant. Appears mitigated in Insider Canary builds, but no patch for stable Windows.
- No timeline has been provided for when full patches will arrive for any of the three.
For organizations relying on Microsoft’s security ecosystem, the picture has improved slightly for YellowKey — but GreenPlasma and MiniPlasma remain unaddressed, and all three exploits still lack proper patches.
What This Means for Windows Security
Taken together, these three exploits paint a concerning picture:
Defense in depth has gaps. BitLocker, the flagship encryption product, has a bypass that works on its default configuration. Windows’ privilege management — the system that’s supposed to keep regular users from becoming administrators — has two separate bypass paths. These are fundamental security mechanisms failing in fundamental ways.
Patches aren’t always permanent. MiniPlasma is a stark reminder that a security patch is only as good as its completeness. If Microsoft’s 2020 fix for CVE-2020-17103 was incomplete, how many other “fixed” vulnerabilities are lurking? The company’s patch quality has been a recurring concern in the security community, and MiniPlasma adds powerful ammunition to that argument.
Public PoCs change the calculus. When a researcher publicly releases working exploit code — especially compiled binaries — the window for organizations to react slams shut. It’s no longer a theoretical risk discussed in security circles. It’s a tool that anyone can download and use. This dramatically lowers the barrier for attackers.
The disclosure debate is heating up. Chaotic Eclipse’s approach — full public disclosure with weaponized PoCs — is the aggressive end of the vulnerability disclosure spectrum. It’s controversial. Some in the security community argue it recklessly puts users at risk. Others argue it’s the only way to force vendors to take action. What’s undeniable is that it’s generating results: these vulnerabilities are now impossible to ignore.
What You Should Do Right Now
While we wait for Microsoft to respond with patches, here are practical steps you can take to reduce your exposure:
For YellowKey (BitLocker bypass):
- Enable TPM + PIN for BitLocker — not TPM-only. This is the single most effective mitigation. Requiring a PIN at boot means the attacker can’t use WinRE to bypass encryption, even with physical access. Yes, it’s slightly less convenient. Do it anyway.
- Disable USB boot in your BIOS/UEFI settings.
- Set firmware passwords to prevent unauthorized changes to boot configuration.
- Restrict physical access to sensitive machines — this exploit requires someone to physically touch the device.
- Monitor for unexpected WinRE usage in your endpoint detection logs.
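As an added example (not the article’s code and not Microsoft’s official tooling) covering the TPM+PIN step of the mitigation described in the YellowKey section and the first recommendation in the list above: a PowerShell script that reports volumes still protected by a bare TPM protector and converts one of them to TPM+PIN. It assumes an elevated session with the BitLocker module available, and that the FVE policy value names it sets match your Group Policy baseline; the BootExecute edit is not covered here.

```powershell
# Added example (not from the article or from Microsoft): audit every BitLocker
# volume for TPM-only protection and, optionally, move one volume to TPM+PIN.
# Assumes an elevated PowerShell session with the BitLocker module present.
# The value names under HKLM\SOFTWARE\Policies\Microsoft\FVE correspond to the
# "Require additional authentication at startup" policy; verify them against
# your own GPO baseline before deploying.

function Get-TpmOnlyBitLockerVolumes {
    # A volume is "TPM-only" if it has a plain Tpm protector and no PIN- or
    # startup-key-based TPM protector alongside it.
    Get-BitLockerVolume | Where-Object {
        $types = $_.KeyProtector.KeyProtectorType
        ($types -contains 'Tpm') -and
        -not ($types | Where-Object { $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' })
    }
}

function Enable-TpmPinProtector {
    param(
        [Parameter(Mandatory)] [string] $MountPoint,
        [Parameter(Mandatory)] [securestring] $Pin
    )
    # Policy must allow a startup PIN or Add-BitLockerKeyProtector refuses (2 = Allow).
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name UseTPMPIN -Value 2 -Type DWord

    # Add the TPM+PIN protector, then drop any remaining bare TPM protector so
    # the drive no longer auto-unlocks without the PIN.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'Tpm' |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
    # Return the remaining protector types so the caller can confirm the change.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector.KeyProtectorType
}

# Report first; only change the OS volume after confirming a recovery password
# is escrowed, because a forgotten PIN without one means a lost drive.
Get-TpmOnlyBitLockerVolumes |
    Select-Object MountPoint, VolumeStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }

# Commented out: prompt for a PIN and enable it on the OS volume.
# $pin = Read-Host -AsSecureString 'New BitLocker PIN'
# Enable-TpmPinProtector -MountPoint 'C:' -Pin $pin
```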
For GreenPlasma (privilege escalation via ctfmon):
- Remove local admin rights from standard users — this is basic hygiene that also limits the damage from initial compromise.
- Use application allowlisting (AppLocker, Windows Defender Application Control) to restrict what can run on your systems.
- Monitor ctfmon.exe for abnormal behavior — unexpected child processes, unusual network connections, or SYSTEM-level activity originating from user sessions.
- Limit who can execute code on critical systems in the first place.
For MiniPlasma (privilege escalation via Cloud Files):
- Treat any local code execution as critical. MiniPlasma requires the attacker to already be able to run code on the machine. Your best defense is preventing that initial foothold — robust email filtering, endpoint protection, browser hardening, and user awareness training.
- Deploy Attack Surface Reduction (ASR) rules and ensure your EDR solution is configured to detect SYSTEM-level shells spawned from user contexts.
- Watch for the fix. If you have visibility into Windows Insider Canary builds, note that MiniPlasma appears mitigated there. When the patch hits stable, deploy it immediately.
- Audit OneDrive and cloud file sync configurations on sensitive systems — the exploit targets the Cloud Files filter driver.
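As an added example (not from the article) serving both the GreenPlasma advice to watch ctfmon.exe for unexpected child processes and the MiniPlasma advice to catch SYSTEM-level shells from unexpected contexts: a PowerShell hunt over Security event 4688. It assumes Audit Process Creation is enabled with parent-process information and that the session can read the Security log; the parent allowlist and the sample records are constructed for illustration.

```powershell
# Added example (not from the article): a hunt over Security event 4688 for two
# things the recommendations above say to watch for. Assumes "Audit Process
# Creation" is enabled with parent-process information and an elevated session.
# The allowlist of parents and the sample records below are constructed.

$ShellNames = 'cmd.exe', 'powershell.exe', 'pwsh.exe'
$ExpectedSystemParents = 'services.exe', 'svchost.exe', 'wininit.exe', 'TrustedInstaller.exe'

function Leaf([string] $Path) { if ($Path) { Split-Path -Leaf $Path } else { '' } }

function Get-ProcessCreationEvent {
    param([int] $MaxEvents = 5000)
    # Flatten each 4688 record's EventData into the four fields the rules use.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents $MaxEvents |
        ForEach-Object {
            $x = [xml] $_.ToXml(); $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            [pscustomobject]@{ Time = $_.TimeCreated; Parent = $d['ParentProcessName']
                               Process = $d['NewProcessName']; SubjectSid = $d['SubjectUserSid'] }
        }
}

function Find-SuspiciousProcessCreation {
    param([object[]] $Events)
    foreach ($e in $Events) {
        $parent = Leaf $e.Parent; $proc = Leaf $e.Process
        $reason = $null
        if ($parent -ieq 'ctfmon.exe') {
            # GreenPlasma: the text-input host has no business launching other programs.
            $reason = 'child process of ctfmon.exe'
        } elseif ($e.SubjectSid -eq 'S-1-5-18' -and $proc -in $ShellNames -and
                  $parent -notin $ExpectedSystemParents) {
            # MiniPlasma-style outcome: a SYSTEM (S-1-5-18) shell with an unexpected parent.
            $reason = 'SYSTEM shell from unexpected parent'
        }
        if ($reason) { $e | Add-Member -NotePropertyName Reason -NotePropertyValue $reason -PassThru }
    }
}

# Constructed sample records so the rules can be exercised offline; replace with
# (Get-ProcessCreationEvent) to run against the live Security log.
$sample = @(
    [pscustomobject]@{ Time = Get-Date; Parent = 'C:\Windows\System32\services.exe'
                       Process = 'C:\Windows\System32\cmd.exe'; SubjectSid = 'S-1-5-18' }            # benign
    [pscustomobject]@{ Time = Get-Date; Parent = 'C:\Windows\System32\ctfmon.exe'
                       Process = 'C:\Windows\System32\cmd.exe'; SubjectSid = 'S-1-5-21-1-2-3-1001' } # flagged
    [pscustomobject]@{ Time = Get-Date; Parent = 'C:\Users\alice\Downloads\sample.exe'
                       Process = 'C:\Windows\System32\cmd.exe'; SubjectSid = 'S-1-5-18' }            # flagged
)
Find-SuspiciousProcessCreation -Events $sample | Format-Table Time, Reason, Parent, Process -AutoSize
```

Expect the second and third sample records to be reported; the first (a SYSTEM shell under services.exe) is in the allowlist and stays quiet.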
General recommendations:
- Assume breach. With three public, unpatched zero-days in the wild, the threat landscape for Windows is more hostile than usual. Plan accordingly.
- Layer your defenses. No single control is reliable right now. Combine endpoint protection, network segmentation, access controls, monitoring, and user training.
- Watch Microsoft’s update channels closely for out-of-band patches or security advisories.
The Bottom Line
Three Windows zero-days — one now with a CVE and mitigation, the other two still untracked and unaddressed. Three different attack vectors — physical access bypass, privilege escalation through a text input component, and a ghost from 2020 that never really went away. All with public exploit code. All affecting fully patched, current versions of Windows.
Chaotic Eclipse may be motivated by frustration with Microsoft’s vulnerability handling, but the exploits are real, verified by independent researchers, and available to anyone who wants them. The debate about responsible disclosure is important, but it’s academic when the PoCs are already public.
Right now, the practical question isn’t whether these vulnerabilities exist — it’s what you’re going to do about it while Microsoft works on fixes. Enable that BitLocker PIN. Harden your endpoints. And keep one eye on Windows Update, because when these patches land, you’ll want them deployed fast.
The six-year-old bug is the one that should keep everyone up at night. If a fix from 2020 didn’t actually fix the problem, what else is hiding in the patch history?