HeadlinesBriefing.com

New Windows zero‑days expose BitLocker bypass and privilege escalation

Hacker News

An anonymous researcher known as Nightmare‑Eclipse dropped two fresh Windows zero‑days moments after Microsoft’s Patch Tuesday. The exploits, dubbed YellowKey and GreenPlasma, bypass BitLocker encryption and elevate privileges to SYSTEM, respectively. Detailed technical files were posted publicly, giving attackers a clear path to compromise encrypted laptops and to gain full control of vulnerable hosts in enterprise environments.

Security experts warned that YellowKey requires physical USB access but effectively turns BitLocker from a theft deterrent into a breach vector. Forescout’s VP Rik Ferguson said a stolen laptop would shift from a hardware issue to a notification liability. Suggested mitigations for typical deployments include a BitLocker PIN and a BIOS lock. No fix exists yet for GreenPlasma, whose PoC still triggers a UAC prompt.
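The BitLocker PIN mitigation can be checked per machine. The following is an added example, not code from the article or from the researcher's files: a PowerShell function that flags volumes whose key protectors still allow a TPM-only unlock at boot. The function name `Get-PreBootAuthStatus` and the sample objects are constructed for illustration; `Get-BitLockerVolume` and `Add-BitLockerKeyProtector` are the standard BitLocker module cmdlets.

```powershell
# Added example: report whether a BitLocker volume requires a pre-boot PIN.
function Get-PreBootAuthStatus {
    param(
        # Objects shaped like Get-BitLockerVolume output (MountPoint,
        # ProtectionStatus, KeyProtector[].KeyProtectorType).
        [Parameter(Mandatory, ValueFromPipeline)] $Volume
    )
    process {
        $types   = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $hasPin  = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
        # A plain 'Tpm' protector releases the key at boot with no user input.
        $tpmOnly = $types -contains 'Tpm'

        $finding = if ("$($Volume.ProtectionStatus)" -ne 'On') { 'Protection off or suspended' }
                   elseif ($tpmOnly) { 'TPM-only unlock present: no pre-boot PIN' }
                   elseif ($hasPin)  { 'OK: pre-boot PIN required' }
                   else              { 'No TPM+PIN protector: review manually' }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ','
            Finding    = $finding
        }
    }
}

# Constructed sample objects so the logic can be exercised on any host.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; ProtectionStatus = 'On'
        KeyProtector = @(@{ KeyProtectorType = 'Tpm' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
    [pscustomobject]@{ MountPoint = 'D:'; ProtectionStatus = 'On'
        KeyProtector = @(@{ KeyProtectorType = 'TpmPin' }, @{ KeyProtectorType = 'RecoveryPassword' }) }
)
$sample | Get-PreBootAuthStatus | Format-Table -AutoSize

# On a real machine (elevated prompt), audit the OS volume:
#   Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem' | Get-PreBootAuthStatus
# To add a PIN (the "Require additional authentication at startup" policy
# must permit a startup PIN):
#   Add-BitLockerKeyProtector -MountPoint 'C:' -TpmAndPinProtector -Pin (Read-Host -AsSecureString)
```

The check is deliberately conservative: any volume that still lists a plain `Tpm` protector is flagged, whatever other protectors are present.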

YellowKey and GreenPlasma join a string of five Microsoft zero‑days released by the same researcher this year, following BlueHammer, RedSun and UnDefend exploits that have already seen real‑world abuse. The pattern suggests a retaliatory campaign, with the author claiming a dead‑man’s switch ready to fire more code. Organizations should prioritize patching as soon as Microsoft issues updates across all supported Windows versions.