Windows Zero-Day Barrage: YellowKey, GreenPlasma, and MiniPlasma Disclosed Post-Patch Tuesday

A security researcher has disclosed three additional Windows zero-days — YellowKey, GreenPlasma, and MiniPlasma — continuing a six-week stream of vulnerabilities targeting Windows security primitives. YellowKey (CVE-2026-45585, CVSS 6.8) is a BitLocker security feature bypass for which Microsoft has issued a mitigation; no full patches for GreenPlasma or MiniPlasma have been released.

Administrators should apply the available YellowKey mitigation immediately and monitor Microsoft security advisories for patches covering the remaining two. Environments relying on BitLocker for device encryption on laptops or regulated workstations face elevated risk until full remediation is available.