Security Affairs • 3w
GreatXML Zero-Day Bypasses Microsoft BitLocker via Windows Defender Offline Scan Artifacts
The GreatXML zero-day vulnerability, discovered by researcher Chaotic Eclipse, enables a practical bypass of Microsoft BitLocker drive encryption. The exploit leverages residual artifacts and side effects left behind by the Windows Defender Offline Scan process. With physical access to the machine and the Windows Recovery Environment (WinRE), an attacker can manipulate these artifacts to achieve SYSTEM-level privilege escalation. The vulnerability is highly critical because it requires no user credentials and affects any Windows machine that has previously run an offline scan. Currently, no patch is available to mitigate this specific exploitation vector.