Security researchers have publicly disclosed two new offensive tools—YellowKey and GreenPlasma—that together dismantle the last line of defense for millions of Windows devices. YellowKey is a BitLocker bypass that weaponizes the Windows Recovery Environment (WinRE) to extract encryption keys from TPM-only protected volumes, while GreenPlasma is a separate local privilege escalation exploit that hands SYSTEM-level control to any low-privileged user. The revelations, which surfaced on May 13–14, 2026, reignite a decade-old debate about the safety of default BitLocker configurations and the attack surface lurking inside every Windows pre-boot recovery environment.

The dual disclosure has sent shockwaves through enterprise IT departments. YellowKey, published with full source code and a video demonstration, automates what was previously a complex forensic technique. GreenPlasma, described as a zero-day elevation bug, turns a limited user account into a complete system takeover. When chained, an attacker can go from phishing email to full disk decryption in minutes, all without knowing a single password. The tools are now freely available on code-sharing platforms, putting corporate laptops, healthcare terminals, and government workstations at immediate risk.

YellowKey: A BitLocker Bypass Through WinRE

BitLocker’s TPM-only protector is the default encryption mode on millions of Windows devices. It requires no pre‑boot PIN or USB key—the TPM chip automatically releases the volume master key to the Windows Boot Manager, assuming the bootloader and firmware haven’t been tampered with. This convenience is what YellowKey exploits.

The Windows Recovery Environment, or WinRE, is a lightweight Windows PE‑based troubleshooting space that boots from the same secure chain as the main OS. When you trigger a recovery, whether via holding Shift during reboot or launching a repair disk, the TPM sees a Microsoft-signed bootloader and kernel, verifies the PCR values, and happily hands over the key. WinRE then gains full access to the BitLocker‑encrypted system drive so it can perform diagnostics, run a command prompt, or restore from backup.

YellowKey hijacks this workflow. By manipulating the Boot Configuration Data (BCD) entries—a step that requires either physical access or an already elevated remote session—an attacker forces the machine to boot into WinRE and silently executes a payload that reads the in-memory BitLocker key. The tool copies the key to a plaintext file on an external USB drive or exfiltrates it over the network. Once the key is extracted, the attacker can mount the encrypted volume offline and browse or image its contents at will.

Security researcher Marcello Salvati, who first documented a similar technique called Bitleaker in 2021, noted that YellowKey “isn’t a novel bug, it’s a design-defect-as-a-service.” The tool wraps all the necessary steps—BCD editing, WinRE injection, key extraction, and cleanup—into a single script that works on Windows 10, Windows 11, and even some Windows Server builds. Its one‑line invocation makes it accessible to script kiddies who previously lacked the skills to orchestrate a multistage boot exploit.

The WinRE Attack Surface: Design Defect, Not Patchable Bug

Microsoft has patched individual vulnerabilities in WinRE before. The infamous CVE‑2024‑20666, for example, allowed attackers to bypass BitLocker by replacing a recovery script. But YellowKey doesn’t rely on an unpatched flaw; it weaponizes the intended behavior of the recovery stack. Because the TPM trusts the WinRE boot chain, any signed bootloader that boots in the recovery scenario will receive the key. This fundamental architectural decision—giving WinRE unconditional access to the encrypted volume—creates a permanent bypass for TPM-only protectors.

The issue is exacerbated by how easy it is to enter WinRE. On many laptops, holding a specific key combination at boot or even an improperly handled keyboard error will land the user in recovery. Remote attackers with keyboard emulation over KVM or compromised management controllers can simulate this keystroke. Once in WinRE, the system’s own tools are turned against it; the command prompt and scripting capabilities that exist for legitimate recovery become an attacker’s gateway.

Microsoft’s security team has long asserted that physical access is a game‑over scenario, yet YellowKey demonstrates that logical access—obtained through a rootkit, remote session, or even a malicious insider—can be sufficient. A SYSTEM shell on a running machine can schedule a reboot into WinRE with a single BCD edit, inject the YellowKey payload, and let the machine decrypt itself on the next boot cycle. When YellowKey finishes, it cleans the BCD changes and boots the OS normally, leaving minimal forensic trace.

GreenPlasma: Elevating Privileges Silently

Separately, a local privilege escalation tool dubbed GreenPlasma has been dropped on the same underground forums. While its full technical details are being withheld pending a responsible disclosure window, initial analysis suggests it exploits a logic flaw in a core Windows NT subsystem service that mishandles impersonation tokens. A standard user running the GreenPlasma executable immediately obtains SYSTEM‑level privileges, bypassing User Account Control entirely.

Early reports indicate that GreenPlasma works on all current Windows 11 releases, including the latest 24H2 branch, and likely affects Windows 10 as well. The exploit is file‑based, requiring no special permissions beyond the ability to write to a temp folder and execute a portable executable. This makes it a perfect companion for weaponized Office macros, malicious browser extensions, or initial‑access malware droppers.

Security researcher Jane Wong, who analyzed the leaked binary, stated that “GreenPlasma appears to be a fresh zero‑day, not a rehash of any known CVE. Its technique is elegant—it manipulates a race condition inside the Privilege Attribute Certification process, turning a normal user token into a full SYSTEM token without triggering endpoint detection.”

Chain Reaction: When Two Tools Become One Attack

The real danger emerges when YellowKey and GreenPlasma are used in tandem. Consider a realistic attack flow: a receptionist opens a spear‑phishing PDF that drops GreenPlasma via an embedded script. The receptionist’s standard account is instantly elevated to SYSTEM. From that high‑integrity context, the attacker modifies the BCD to boot into WinRE with the YellowKey payload appended to the Windows Recovery environment’s startup sequence. The system either reboots immediately or the attacker waits for the next scheduled restart. On reboot, YellowKey silently extracts the BitLocker key, encrypts it with the attacker’s public key, and uploads it to a command‑and‑control server. The machine then boots normally, and the receptionist continues working, none the wiser.

Within the hour, the attacker has a full forensic image of the laptop’s drive, including cached credentials, client databases, source code repositories, and any other sensitive data that BitLocker was supposed to protect. This scenario circumvents every data‑at‑rest protection that the enterprise had in place and renders endpoint encryption auditing useless—the logs will show a legitimate boot, not a decryption event.

Community Outcry and Microsoft’s Silence

The public disclosure has ignited fierce debate across professional IT forums and social media. System administrators are furious that BitLocker’s default settings offer such weak protection against an automated tool. A popular thread on the Sysadmin subreddit features dozens of stories of organizations that assumed TPM-only encryption was “good enough” because they never considered the WinRE attack vector. “We’re instantly racing to deploy Group Policy changes to enforce TPM+PIN for all field laptops,” one commenter wrote. “But implementing a PIN rollout to 10,000 users by Monday is a nightmare.”

Security researchers are more frustrated by the architectural problem. “Microsoft treats WinRE as a ring‑0 trusted environment, but they’ve given it full read access to the disk before any user authentication,” notes Charlie Miller, a longtime Windows exploit researcher. “That’s like handing a valet your car key as soon as they touch the door handle, without ever verifying who they are. The valet may be legitimate, but if someone stole the uniform, they get the key.”

As of May 14, 2026, Microsoft has not issued an official security advisory or press statement regarding YellowKey or GreenPlasma. The company’s standard response to physical‑access BitLocker attacks—that they require an attacker with physical custody of the device—is being challenged this time, because GreenPlasma provides a purely logical path to the SYSTEM shell needed for the BCD manipulation. The combo of a privilege escalation and a recovery‑environment bypass moves the threat far beyond the physical‑access boundary.

Mitigations and Immediate Actions

Until Microsoft releases guidance or architectural changes, organizations must assume that any Windows device using TPM‑only BitLocker protectors is vulnerable. The following countermeasures are being recommended by security practitioners:

  • Switch to TPM+PIN or TPM+USB key protectors. Adding a second factor forces the TPM to require the user’s PIN (or a startup key on a USB drive) before releasing the volume master key. Even if an attacker enters WinRE, they will be prompted for the PIN. Group Policy and Intune can enforce this setting fleet‑wide.
  • Disable WinRE where possible. On systems that never need local recovery—such as virtual desktops or server‑core installations—the Windows Recovery Environment can be completely removed with the reagentc /disable command. Note that this makes offline recovery more difficult, so a balance must be struck.
  • Harden boot configuration. Use the TCG‑log and Secure Boot policies to detect BCD tampering. Enable BitLocker Startup PIN with an enhanced anti‑hammering policy to block brute‑force attempts.
  • Apply least privilege vigilantly. While GreenPlasma may require a patch, standard user accounts should never have write access to system folders or the ability to execute unknown binaries. AppLocker or Windows Defender Application Control can prevent GreenPlasma from running.
  • Monitor for WinRE boot events. Security operations centers can examine Windows Event Logs (Event ID 1001 from the BitLocker-API source, and Event ID 41 unexpected shutdowns followed by a boot into the recovery environment) to flag anomalous recovery boots.
  • Segment network access. Ensure that even a compromised laptop cannot freely reach corporate servers. Network segmentation, just‑in‑time privileged access, and endpoint detection and response (EDR) can catch unusual post‑exploitation activity.
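A defender-side check for the first two countermeasures above, written here as an added example that is neither the article's nor Microsoft's own tooling: it uses the standard BitLocker module cmdlets and reagentc to flag volumes protected only by the TPM and to report whether WinRE is enabled, and assumes that the Group Policy allowing a startup PIN ("Require additional authentication at startup") is already in place before the remediation step runs.

```powershell
# Added example (not from the article): audit a host for TPM-only BitLocker
# protectors and WinRE status, then optionally move the OS drive to TPM+PIN.
#Requires -RunAsAdministrator
Import-Module BitLocker

function Get-BitLockerProtectorAudit {
    # A volume whose only TPM-class protector is plain 'Tpm' (no PIN or startup
    # key) is released by the TPM to any trusted boot chain, WinRE included.
    foreach ($vol in Get-BitLockerVolume) {
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
        $hasTpmOnly = $types -contains 'Tpm'
        $hasSecondFactor = @($types | Where-Object {
            $_ -in 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey' }).Count -gt 0
        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            Protection  = $vol.ProtectionStatus
            Protectors  = ($types -join ',')
            TpmOnlyRisk = ($hasTpmOnly -and -not $hasSecondFactor)
        }
    }
}

function Get-WinReStatus {
    # reagentc /info prints a "Windows RE status" line reading Enabled or Disabled.
    $line = (reagentc.exe /info) | Where-Object { $_ -match 'Windows RE status' }
    if ($line -match 'Enabled') { 'Enabled' }
    elseif ($line -match 'Disabled') { 'Disabled' }
    else { 'Unknown' }
}

$audit = Get-BitLockerProtectorAudit
$audit | Format-Table -AutoSize
"WinRE status: $(Get-WinReStatus)"

# Remediation for a flagged OS volume: add a TPM+PIN protector (PIN prompted,
# never hard-coded), then drop the TPM-only protector so the TPM no longer
# releases the volume master key without the PIN. Assumes policy permits a PIN.
$os = $env:SystemDrive
if ($audit | Where-Object { $_.TpmOnlyRisk -and $_.MountPoint -eq $os }) {
    $pin = Read-Host -AsSecureString "Enter the new startup PIN for $os"
    Add-BitLockerKeyProtector -MountPoint $os -TpmAndPinProtector -Pin $pin | Out-Null
    (Get-BitLockerVolume -MountPoint $os).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'Tpm' } |
        ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $os -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
    "Replaced TPM-only protector on $os with TPM+PIN; verify the recovery password is escrowed."
}
```

Run the audit portion first across a pilot group; the remediation block changes what the user sees at every boot, so the recovery password should be confirmed in AD or Intune before the TPM-only protector is removed.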

The Bigger Picture: Convenience vs. Security

The YellowKey/GreenPlasma saga is more than a new pair of tools—it’s a reckoning for the default security posture of the Windows ecosystem. BitLocker’s zero‑friction TPM‑only mode was designed to encourage adoption, and it succeeded: millions of devices are encrypted today that wouldn’t be if a PIN were required. However, that same frictionless experience has created a brittle security boundary that an automated tool can shatter.

Microsoft faces a difficult trade‑off. Hardening WinRE to require user authentication before unlocking the disk would break many recovery scenarios where a user cannot log in—the very reason WinRE exists. One proposed middle ground is a “verify before decrypt” prompt in WinRE that demands a recovery password or a secondary authentication factor, while still allowing basic repair tools to function. Another, more radical idea is to sandbox WinRE entirely, giving it only a limited‑capability kernel that cannot directly read raw disk blocks.

For IT administrators, the immediate lesson is clear: default settings are not your friend. The convenience of TPM‑only BitLocker comes with a hidden cost that is now fully visible. The security community has long advised using multi‑factor unlock, and YellowKey provides the ammunition to force that conversation inside organizations that have resisted the upgrade.

As the support tickets pile up and midnight configuration change windows are scheduled, one thing is certain—the days of clicking “Next, Next, Finish” on BitLocker setup are over. The attack surface that Microsoft’s own recovery tools create is now a documented, scriptable, and weaponized reality. The industry is watching to see whether Microsoft will treat this as a configuration issue or a design flaw that demands an architectural fix.