Researcher Drops YellowKey BitLocker Bypass and GreenPlasma Windows EoP Zero-Days

A researcher has publicly released two unpatched Windows zero-days. YellowKey is a BitLocker bypass that requires physical access to the target machine. GreenPlasma enables elevation of privileges to System level and does not require physical presence, making it chainable with any remote initial access vector.

Neither vulnerability has an associated Microsoft patch at time of disclosure. The release coincides with Pwn2Own Berlin 2026, where exploit research is often accelerated and coordinated disclosures published. GreenPlasma carries the more immediate risk for networked environments. Monitor Microsoft Security Response Center for advisories and apply patches or mitigations as they become available.