On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.
All three security flaws were disclosed last month by a security researcher using the "Nightmare Eclipse" handle in protest over how the Microsoft Security Response Center (MSRC) handles the disclosure process.
Dubbed "GreenPlasma" and "MiniPlasma," the two privilege escalation vulnerabilities (tracked as CVE-2026-45586 and CVE-2020-17103) were found in the Collaborative Translation Framework (CTFMON) and the Cloud Files Mini Filter Driver, and they allow local attackers to obtain a shell with SYSTEM permissions on fully patched Windows systems.
The third zero-day patched yesterday is known as YellowKey (tracked as CVE-2026-45585) and acts as a backdoor in the Windows Recovery Environment (WinRE), which is used to repair boot-related issues in Windows.
Attackers with physical access to the targeted devices can use a YellowKey exploit to bypass BitLocker protection on unpatched Windows 11 and Windows Server 2022/2025 systems.
