Monday, June 15, 2026

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight


A new Windows zero-day has turned BitLocker, one of Microsoft’s most trusted data-protection features, into the center of another disclosure fight.

The Register’s Jessica Lyons broke the news that security researcher Nightmare Eclipse released exploit code for a claimed BitLocker bypass called GreatXML, which the researcher says can spawn a command prompt with broad access to a protected BitLocker volume. The release followed another zero-day, RoguePlanet, which SecurityWeek reported could exploit a Microsoft Defender race condition to gain SYSTEM-level privileges.

The bigger concern for Windows admins is not just one bug. It’s the pace of public exploit drops, the uncertainty around Microsoft’s response, and the widening gap between responsible disclosure norms and what’s now unfolding in public.

What GreatXML claims to do

According to The Register, Nightmare Eclipse claimed GreatXML can bypass BitLocker on systems that have previously run a Microsoft Defender Offline scan. The researcher reportedly published exploit code on GitHub and another Git-based platform, describing the bug as an “unintentional discovery.”

The claimed attack involves copying specific files to the recovery partition, then rebooting into the Windows Recovery Environment. If successful, the researcher said the technique would spawn a shell with access to the BitLocker-protected volume.

That claim is already being scrutinized. Security researcher Will Dormann reportedly tested the steps and said the write-up appeared flawed, noting that triggering Microsoft Defender Offline requires being logged in with admin credentials. In that scenario, Dormann argued, an attacker may already have enough access to disable BitLocker through easier means.

RoguePlanet adds to Microsoft’s zero-day headache

GreatXML landed just after Nightmare Eclipse released RoguePlanet, a separate Windows exploit targeting Microsoft Defender. SecurityWeek reported that RoguePlanet could lead to local privilege escalation by exploiting a race condition, and that researchers validated it could spawn a command prompt with SYSTEM privileges on patched systems.

The exploit’s reliability may vary, and the researcher said the proof of concept was tested on Windows 10 and Windows 11 machines with the June 2026 patches installed. It reportedly doesn’t work on Windows Server in its current form, although Nightmare Eclipse claimed server versions should be vulnerable.

Microsoft told The Register it was aware of RoguePlanet and was “actively investigating the validity and potential applicability” of the claims. The company had not immediately responded to The Register’s questions about GreatXML.

Patch Tuesday didn’t end the drama

Microsoft’s June Patch Tuesday addressed some earlier Nightmare Eclipse disclosures, and several others now have patches, according to The Register and SecurityWeek. The patched issues include vulnerabilities tied to RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma.

Separately, Cyber Security News reported that Microsoft disclosed and patched a BitLocker security feature bypass tracked as CVE-2026-50507 on June 9. The flaw was rated Important with a CVSS score of 6.8 and required physical access to exploit.

That patched BitLocker issue appears distinct from the newly claimed GreatXML bypass, though both underscore the same problem for security teams: Windows endpoint security is under unusually public pressure, and exploit details are moving faster than some organizations can patch, test, and verify exposure.

What security teams should do now

For enterprise defenders, the practical response is still familiar: apply Microsoft’s June 2026 security updates, prioritize exposed or high-risk endpoints, and treat lost or physically accessible devices as a more serious threat class.

Security teams should also review Defender Offline usage, protections for BitLocker recovery partitions, and endpoint tamper controls. GreatXML’s real-world practicality remains disputed, but public proof-of-concept releases can quickly turn uncertain research into attacker experimentation.

The disclosure fight may be the loudest part of the story, but for IT teams, the quieter question matters more: whether Windows security controls are being tested faster than organizations can harden them.
