The IT researcher behind the 'NightmareEclipse' project shows new vulnerabilities: 'YellowKey' in BitLocker and privilege escalation with 'MiniPlasma'.
The IT security researcher, who had already demonstrated the vulnerabilities “RedSun”, “UnDefend” and “BlueHammer”, is following up with further disclosures of security vulnerabilities in Windows.
“NightmareEclipse” or “Chaotic Eclipse” has discovered “YellowKey”, a severe security vulnerability in Windows' BitLocker drive encryption. Additionally, he has discovered another privilege escalation vulnerability “MiniPlasma” in a Windows driver. , Risk “high”). It is unclear whether the patch was ever withdrawn or if Microsoft simply did not distribute it.
In any case, the vulnerability – whichis intended to demonstrate how attackers can gain SYSTEM privileges with it, but Google's old PoC also reportedly still works. , local access is required.
However, a simple USB stick is sufficient for this. Attackers copy the folder “\System Volume Information\FsTx” to it. The file system must be compatible with Windows, such as FAT, FAT32, exFAT, or NTFS. This stick is then inserted into a computer with BitLocker enabled.
By holding down the Shift key during startup, the system must boot into the Windows Recovery Environment. In there, attackers click Restart and, instead of the Shift key, hold down the Ctrl key. This starts a shell with unrestricted access to the drive actually protected by BitLocker. This is said to work on Windows 11 and Server 2022 and 2025; the Windows Recovery Environment of Windows 10 is not affected.
What helps in BitUnlocker-derived attacks – an environment that relies on PIN entry before decryption and TPM protection – is apparently ineffective here, writes IT security expert Will Dormann has tested the exploit and reports on his findings on Mastodon. According to him, pressing and holding Ctrl is not necessary to gain access to the shell with BitLocker drive access.
The exact mechanism is still unclear, but it appears that the contents of other drives can be unlocked using the “\System Volume Information\FsTx” folder of a drive . However, a user report under Dormann's post suggests that the C drive was released for him, but the D drive was not.from mid-April grants attackers admin rights. This has apparently been fixed with the updates on last week's Patchday – without, for example, a CVE vulnerability entry.
IT Miniplasma Nightmareeclipse Rechteausweitung Security Sicherheitslücken Yellowkey
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Langsames Internet? Dahinter kann ein neues Windows-11-Update steckenNutzer melden mal wieder erhebliche Probleme mit Windows 11.
Read more »
Windows 11: BitLocker-Laufwerke komfortabel sperrenOffene BitLocker-Laufwerke per Klick sperren? So eine Option hat Microsoft bei der Entwicklung nicht mitgedacht. Mit ein paar Handgriffen klappts trotzdem.
Read more »
Schwachstelle in Windows: Wiederaktuelle Schwachstelle, bekannt als MiniPlasma, wurde erneut entdeckt und veröffentlichtEin Sicherheitsforscher hat eine Schwachstelle in Windows, bekannt als MiniPlasma, erneut entdeckt und veröffentlicht. Die Schwachstelle wurde bereits 2020 vom Google Project Zero entdeckt und war bekannt als CVE-2020-17103. Offiziell wurde sie geschlossen, aber dies scheint nicht ganz zu stimmen. Durch diese Schwachstelle können Angreifer von einem normalen Benutzerkonto aus Systemrechte erlangen, was die volle Kontrolle über den Rechner bedeutet.
Read more »
Windows 11: Microsoft bringt nach 5 Jahren beliebte Taskbar-Funktion zurückMicrosoft hat Windows 11 überarbeitet - und präsentiert dabei Verbesserungen an der Taskleiste, die von vielen Nutzer:innen jahrelang vermisst wurden. Auch am Startmenü werden Änderungen vorgenommen. Fünf
Read more »