YellowKey And GreenPlasma Laugh At Your Patch Tuesday
There is someone even more upset with Microsoft than you or I, and they have released two more Windows zero days just after Patch Tuesday. YellowKey and GreenPlasma are both rather nasty, with YellowKey not only being the worse of the two but also the one that has been released in full. It is a way to break BitLocker protection, which is not great if you depend on it to protect lost laptops. It consists of a couple of files that can be loaded onto a USB drive and plugged into any laptop. A tiny bit of work and you will get unrestricted shell access to that BitLocker-protected machine. Thankfully, applying policies requiring a BitLocker PIN and a BIOS password lock will prevent the exploit from running.
GreenPlasma is still awful, but shouldn’t make you spit your coffee out. Only part of the exploit code was published, though enough for someone to figure out the rest, and it does currently trigger a UAC prompt that can prevent it from doing its thing. If it does successfully run, you are facing a privilege escalation flaw. Nightmare-Eclipse may have more flaws ready to reveal; they’ve already ‘gifted’ us with three this year in addition to the ones from last year.
Their war against Microsoft continues as they post more flaws to GitHub.
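To check a laptop for the BitLocker PIN mitigation mentioned above, the following audit script is an added example, not code from the original post or from Microsoft. It assumes an elevated PowerShell session with the built-in BitLocker module, and it does not cover the BIOS password, which is set in vendor-specific firmware settings.

```powershell
# Added example: report whether the OS volume needs a pre-boot PIN and
# whether Group Policy enforces one. Run from an elevated prompt.

# Key protector types that require a PIN before the TPM releases the key.
$pinTypes = 'TpmPin', 'TpmPinStartupKey'

$volumes = Get-BitLockerVolume | Where-Object VolumeType -eq 'OperatingSystem'

$report = foreach ($vol in $volumes) {
    # Collect the protector types configured on this volume as strings.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    $hasPin  = [bool]($types | Where-Object { $_ -in $pinTypes })
    # A TPM-only protector would let the volume unlock with no user input.
    $tpmOnly = $types -contains 'Tpm'

    [pscustomobject]@{
        MountPoint  = $vol.MountPoint
        Protection  = $vol.ProtectionStatus
        Protectors  = $types -join ', '
        PinRequired = $hasPin -and -not $tpmOnly
    }
}

# "Require additional authentication at startup" policy values.
# UseAdvancedStartup = 1 enables the policy; UseTPMPIN = 1 means "require".
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
$policyEnforcesPin = ($null -ne $fve) -and
                     ($fve.UseAdvancedStartup -eq 1) -and
                     ($fve.UseTPMPIN -eq 1)

$report | Format-Table -AutoSize
"Policy requires startup PIN: $policyEnforcesPin"

# Non-zero exit code so the script can be used from management tooling.
if (-not $report -or ($report | Where-Object { -not $_.PinRequired }) -or -not $policyEnforcesPin) {
    Write-Warning 'OS volume can unlock without a PIN, or the PIN policy is not enforced.'
    exit 1
}
```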
