Wednesday, June 17, 2026

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Struggle


A new Windows zero-day has turned BitLocker, one of Microsoft’s most trusted data-protection features, into the center of another disclosure battle.

The Register’s Jessica Lyons broke the news that security researcher Nightmare Eclipse released exploit code for a claimed BitLocker bypass called GreatXML, which the researcher says can spawn a command prompt with broad access to a protected BitLocker volume. The release followed another zero-day, RoguePlanet, which SecurityWeek reported could exploit a Microsoft Defender race condition to gain SYSTEM-level privileges.

The bigger concern for Windows admins isn’t just one bug. It’s the pace of public exploit drops, the uncertainty around Microsoft’s response, and the widening gap between responsible disclosure norms and what’s now unfolding in public.

What GreatXML claims to do

According to The Register, Nightmare Eclipse claimed GreatXML can bypass BitLocker on systems that have previously run a Microsoft Defender Offline scan. The researcher reportedly published exploit code on GitHub and another Git-based platform, describing the bug as an “unintentional discovery.”

The claimed attack involves copying specific data to the recovery partition, then rebooting into the Windows Recovery Environment. If successful, the researcher said the technique would spawn a shell with access to the BitLocker-protected volume.

That claim is already being scrutinized. Security researcher Will Dormann reportedly tested the steps and said the write-up appeared flawed, noting that triggering Microsoft Defender Offline requires being logged in with admin credentials. In that scenario, Dormann argued, an attacker might already have enough access to disable BitLocker through easier means.

RoguePlanet adds to Microsoft’s zero-day headache

GreatXML landed just after Nightmare Eclipse released RoguePlanet, a separate Windows exploit targeting Microsoft Defender. SecurityWeek reported that RoguePlanet could lead to local privilege escalation by exploiting a race condition, and that researchers validated it could spawn a command prompt with SYSTEM privileges on patched systems.

The exploit’s reliability may vary, and the researcher said the proof of concept was tested on Windows 10 and Windows 11 machines with the June 2026 patches installed. It reportedly doesn’t work on Windows Server in its current form, though Nightmare Eclipse claimed server versions should be vulnerable.

Microsoft told The Register it was aware of RoguePlanet and was “actively investigating the validity and potential applicability” of the claims. The company had not immediately responded to The Register’s questions about GreatXML.

Patch Tuesday didn’t end the drama

Microsoft’s June Patch Tuesday addressed some earlier Nightmare Eclipse disclosures, and several others now have patches, according to The Register and SecurityWeek. The patched issues include vulnerabilities tied to RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma.

Separately, Cyber Security News reported that Microsoft disclosed and patched a BitLocker security feature bypass tracked as CVE-2026-50507 on June 9. The flaw was rated Important with a CVSS score of 6.8 and required physical access to exploit.

That patched BitLocker issue appears distinct from the newly claimed GreatXML bypass, though both underscore the same problem for security teams: Windows endpoint security is under unusually public pressure, and exploit details are moving faster than some organizations can patch, test, and verify exposure.

What security teams should do now

For enterprise defenders, the practical response is still familiar: apply Microsoft’s June 2026 security updates, prioritize exposed or high-risk endpoints, and treat lost or physically accessible devices as a more serious threat class.

Security teams should also review Defender Offline usage, protections for BitLocker recovery partitions, and endpoint tamper controls. GreatXML’s real-world practicality remains disputed, but public proof-of-concept releases can quickly turn uncertain research into attacker experimentation.

The disclosure battle may be the loudest part of the story, but for IT teams, the quieter question matters more: whether Windows security controls are being tested faster than organizations can harden them.
