Five BitLocker bypass techniques surfaced in seven days — two are unpatched zero-days, one is actively exploited, and a researcher is threatening more disclosures before June's Patch Tuesday. Today's briefing unpacks every attack path, from YellowKey's USB exploit to Intrinsec's five-minute boot downgrade on a fully patched Windows 11 system.
Audio is available on Spreaker.
Five separate BitLocker bypass techniques became public knowledge in the span of seven days. That's not a patch cycle problem.
The two new zero-days come from a researcher operating under the name Chaotic Eclipse. The first, called YellowKey, targets the Windows Recovery Environment.
The earlier Chaotic Eclipse disclosure, CVE-2026-33825, known as BlueHammer, targeted Microsoft Defender. That one did get patched.
Separately, researchers at Intrinsec demonstrated a different attack path entirely. They used a malicious WIM injection targeting CVE-2025-48804 to perform a boot manager downgrade, bypassing BitLocker on a fully patched system in under five minutes.
The thread connecting most of this is the breakdown in coordinated disclosure. Chaotic Eclipse moved to public release after what appears to be a dispute over Microsoft's response timeline and transparency.
Chapter summary auto-generated from the verified script.