New BitLocker Bypass Exploit 'GreatXML' Emerges from Researcher Nightmare Eclipse
Researcher Nightmare Eclipse claims to have discovered 'GreatXML,' a zero-day vulnerability allowing BitLocker bypass on systems previously running Microsoft Defender Offline scans. This exploit, published on GitHub, is the researcher's eighth zero-day. Microsoft acknowledged an earlier exploit, 'RoguePlanet,' and is investigating 'GreatXML' claims, noting vulnerabilities were not reported through official channels.
Key points
- Researcher Nightmare Eclipse released 'GreatXML,' a claimed zero-day exploit targeting Microsoft BitLocker.
- The exploit reportedly bypasses BitLocker encryption on systems that have run Microsoft Defender Offline scans.
- This vulnerability was allegedly discovered in four hours and published on GitHub.
- GreatXML is Nightmare Eclipse's eighth zero-day exploit, with previous ones reportedly patched by Microsoft.
- Microsoft is investigating 'GreatXML' and confirmed awareness of a prior exploit, 'RoguePlanet,' but stated vulnerabilities were not officially reported.
A security researcher known as Nightmare Eclipse has released details of a new zero-day vulnerability, dubbed 'GreatXML,' which they claim can bypass Microsoft's BitLocker encryption. The researcher asserts that the exploit provides full access to BitLocker-protected volumes on any system that has previously undergone a Microsoft Defender Offline scan.
Nightmare Eclipse stated that GreatXML was an accidental discovery, taking approximately four hours to find. The exploit code has been made available on platforms like GitHub. This marks the eighth zero-day vulnerability attributed to the researcher, following six earlier exploits for which patches were reportedly issued by Microsoft during its recent Patch Tuesday event.
Microsoft has acknowledged awareness of a previously disclosed exploit by the same researcher, named 'RoguePlanet,' which is said to allow local privilege escalation. The software giant stated it is actively investigating the validity and potential impact of the claims. Regarding GreatXML, Microsoft had not immediately responded to inquiries about the exploit or a potential timeline for a patch. The company previously noted that none of the vulnerabilities discovered by Nightmare Eclipse were reported through official Microsoft security channels before public disclosure.
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.