Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
Microsoft patched three zero-day vulnerabilities in June 2026 affecting Windows systems. Two of these, GreenPlasma and MiniPlasma, allow local attackers to escalate privileges to SYSTEM on fully patched Windows systems. The third, YellowKey, is a backdoor in the Windows Recovery Environment that can be exploited by attackers with physical access to bypass BitLocker protection on unpatched Windows 11 and Windows Server 2022/2025 systems. These vulnerabilities were disclosed by a security researcher who also released proof-of-concept exploits. Microsoft released fixes as part of the June 2026 Patch Tuesday updates and provided mitigation guidance for YellowKey. No known exploits in the wild have been reported for these specific vulnerabilities at the time of disclosure.
AI Analysis
Technical Summary
In June 2026, Microsoft addressed three zero-day vulnerabilities: GreenPlasma (CVE-2026-45586) and MiniPlasma (CVE-2020-17103) are local privilege escalation flaws in the Collaborative Translation Framework (CTFMON) and Cloud Files Mini Filter Driver, respectively, enabling attackers to gain SYSTEM privileges on fully patched Windows systems. YellowKey (CVE-2026-45585) is a backdoor vulnerability in the Windows Recovery Environment (WinRE) that allows attackers with physical access to bypass BitLocker encryption on unpatched Windows 11 and Windows Server 2022/2025 devices. These vulnerabilities were disclosed by a researcher known as "Nightmare Eclipse," who also released proof-of-concept exploits. Microsoft released official patches for all three vulnerabilities in the June 2026 Patch Tuesday update and shared mitigation measures for YellowKey. The vendor criticized the premature public release of proof-of-concept code, which violated coordinated vulnerability disclosure best practices. No active exploitation of these three zero-days has been reported.
Potential Impact
Successful exploitation of GreenPlasma and MiniPlasma allows local attackers to escalate privileges to SYSTEM level on fully patched Windows systems, potentially enabling full control over the affected machines. Exploitation of YellowKey enables attackers with physical access to bypass BitLocker encryption on unpatched Windows 11 and Windows Server 2022/2025 systems, compromising the confidentiality of protected data. These vulnerabilities affect system security by enabling privilege escalation and encryption bypass, increasing the risk of unauthorized access and control.
Mitigation Recommendations
Microsoft has released official patches for GreenPlasma, MiniPlasma, and YellowKey vulnerabilities as part of the June 2026 Patch Tuesday updates. Applying these updates fully mitigates the risks associated with these zero-days. For YellowKey, Microsoft also provided mitigation guidance to defend against potential attacks prior to patching. Users and administrators should prioritize deploying the June 2026 security updates to affected Windows systems. No additional action is required beyond applying the official patches and following vendor guidance.
Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days
Description
Microsoft patched three zero-day vulnerabilities in June 2026 affecting Windows systems. Two of these, GreenPlasma and MiniPlasma, allow local attackers to escalate privileges to SYSTEM on fully patched Windows systems. The third, YellowKey, is a backdoor in the Windows Recovery Environment that can be exploited by attackers with physical access to bypass BitLocker protection on unpatched Windows 11 and Windows Server 2022/2025 systems. These vulnerabilities were disclosed by a security researcher who also released proof-of-concept exploits. Microsoft released fixes as part of the June 2026 Patch Tuesday updates and provided mitigation guidance for YellowKey. No known exploits in the wild have been reported for these specific vulnerabilities at the time of disclosure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
In June 2026, Microsoft addressed three zero-day vulnerabilities: GreenPlasma (CVE-2026-45586) and MiniPlasma (CVE-2020-17103) are local privilege escalation flaws in the Collaborative Translation Framework (CTFMON) and Cloud Files Mini Filter Driver, respectively, enabling attackers to gain SYSTEM privileges on fully patched Windows systems. YellowKey (CVE-2026-45585) is a backdoor vulnerability in the Windows Recovery Environment (WinRE) that allows attackers with physical access to bypass BitLocker encryption on unpatched Windows 11 and Windows Server 2022/2025 devices. These vulnerabilities were disclosed by a researcher known as "Nightmare Eclipse," who also released proof-of-concept exploits. Microsoft released official patches for all three vulnerabilities in the June 2026 Patch Tuesday update and shared mitigation measures for YellowKey. The vendor criticized the premature public release of proof-of-concept code, which violated coordinated vulnerability disclosure best practices. No active exploitation of these three zero-days has been reported.
Potential Impact
Successful exploitation of GreenPlasma and MiniPlasma allows local attackers to escalate privileges to SYSTEM level on fully patched Windows systems, potentially enabling full control over the affected machines. Exploitation of YellowKey enables attackers with physical access to bypass BitLocker encryption on unpatched Windows 11 and Windows Server 2022/2025 systems, compromising the confidentiality of protected data. These vulnerabilities affect system security by enabling privilege escalation and encryption bypass, increasing the risk of unauthorized access and control.
Mitigation Recommendations
Microsoft has released official patches for GreenPlasma, MiniPlasma, and YellowKey vulnerabilities as part of the June 2026 Patch Tuesday updates. Applying these updates fully mitigates the risks associated with these zero-days. For YellowKey, Microsoft also provided mitigation guidance to defend against potential attacks prior to patching. Users and administrators should prioritize deploying the June 2026 security updates to affected Windows systems. No additional action is required beyond applying the official patches and following vendor guidance.
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-yellowkey-greenplasma-miniplasma-zero-days/","fetched":true,"fetchedAt":"2026-06-10T10:10:49.110Z","wordCount":645}
Threat ID: 6a2938298dd33fbd852367c4
Added to database: 6/10/2026, 10:10:49 AM
Last enriched: 6/10/2026, 10:11:02 AM
Last updated: 6/10/2026, 2:57:07 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.