Windows BitLocker zero-day gives access to protected drives, PoC released

A cybersecurity researcher has released working exploits for two unpatched Windows vulnerabilities that bypass BitLocker encryption and escalate privileges on affected systems.

The flaws, tracked as YellowKey and GreenPlasma, allow attackers to access data protected by BitLocker, Microsoft's full-disk encryption feature. YellowKey functions as a direct BitLocker bypass, while GreenPlasma enables privilege escalation. The researcher published proof-of-concept code publicly, making both vulnerabilities immediately exploitable.

BitLocker protects sensitive data on Windows systems by encrypting entire drives. Organizations and individuals relying on BitLocker for data protection now face direct exposure. An attacker with physical access to a locked machine or access to BitLocker-encrypted volumes can bypass encryption entirely using the YellowKey exploit. The GreenPlasma privilege-escalation flaw compounds the risk by allowing attackers to gain administrator-level control on vulnerable systems.

Microsoft has not yet released patches for either vulnerability. The public PoC release accelerates the timeline for attacks. Threat actors typically adopt published exploits within days or hours of release, meaning organizations face immediate risk.

The impact spans enterprise environments and consumer users. Laptops, desktops, and external drives encrypted with BitLocker become vulnerable. Organizations storing confidential data on BitLocker-protected systems should assume exploitation is possible.

Organizations should immediately evaluate their BitLocker deployments and implement compensating controls. Restricting physical access to devices, using firmware-level encryption, or deploying multi-factor authentication where possible limits exposure. Monitoring systems for signs of privilege escalation or unauthorized drive access provides detection capability.

Microsoft customers should monitor official security advisories for patch availability. The company historically prioritizes critical encryption flaws, but patch timelines vary. Until fixes ship, organizations must operate under the assumption that Bit