## Researcher 'Chaotic Eclipse' Discloses Two New Windows Zero-Days: BitLocker Bypass and CTFMON Privilege Escalation in Play
A security researcher operating under the alias Chaotic Eclipse has resurfaced with two unpatched vulnerabilities affecting Windows systems. The disclosures, named YellowKey and GreenPlasma, represent the latest in a string of findings from the same anonymous source who previously exposed three Microsoft Defender flaws. The new zero-days target core Windows security mechanisms, raising immediate concerns for enterprises and individuals relying on the operating system's built-in protections.

YellowKey enables a BitLocker bypass that circumvents the operating system's native disk encryption. GreenPlasma targets the Windows Collaborative Translation Framework (CTFMON), allowing privilege escalation from a standard user account to SYSTEM-level access. The researcher disclosed both findings anonymously, continuing a pattern of responsible-but-public exposure that places pressure on Microsoft to issue patches while leaving the details technically accessible.

The disclosure intensifies scrutiny on Microsoft's vulnerability response pipeline, particularly given the researcher's prior track record with Defender findings. BitLocker bypasses are especially valuable to attackers seeking physical access or ransomware operators seeking to compromise encrypted drives. CTFMON escalation, meanwhile, could enable malware to gain the highest privileges on a compromised machine. Organizations running Windows should monitor Microsoft's security advisories for forthcoming patches and evaluate compensating controls until fixes become available.

---
- **Source**: The Hacker News Echo RSS
- **Sector**: The Lab
- **Tags**: zero-day, BitLocker, CTFMON, Windows vulnerability, privilege escalation
- **Credibility**: unverified
- **Published**: 2026-05-14 12:18:20
- **ID**: 82988
- **URL**: https://whisperx.ai/en/intel/82988