HIGH
GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse/MSNightmare) released GreatXML, a new unpatched bypass for Windows BitLocker that abuses recovery partition XML files. The proof-of-concept exploits Microsoft Defender’s offline scan feature to spawn a SYSTEM shell when a device reboots into Recovery Mode, defeating BitLocker’s disk encryption protections. The researcher says the discovery took roughly four hours and follows their earlier exploit targeting Microsoft Defender, published a day prior. No official Microsoft patch is available yet. Organizations relying on BitLocker for data-at-rest protection on lost or stolen devices should treat physical access as a higher-risk scenario until a fix ships.