Microsoft patched three Windows zero-days, including GreenPlasma and MiniPlasma, which can give local attackers SYSTEM privileges on fully patched systems. The update also fixes YellowKey, a Windows Recovery Environment flaw that can bypass BitLocker protection on affected Windows 11 and Windows Server systems. #GreenPlasma #MiniPlasma #YellowKey #Microsoft #WinRE #BitLocker
Keypoints
- Microsoft fixed two privilege escalation zero-days, GreenPlasma and MiniPlasma.
- Both flaws can grant SYSTEM access on fully patched Windows systems.
- YellowKey can bypass BitLocker on vulnerable Windows devices with physical access.
- All three vulnerabilities were disclosed by researcher Nightmare Eclipse.
- Microsoft included mitigations for YellowKey in its June 2026 Patch Tuesday updates.