Earlier this month, the cybersecurity community was stirred by the revelation of a zero-day exploit named YellowKey, unveiled by the researcher known as “Chaotic Eclipse” or Nightmare-Eclipse. This exploit grants access to BitLocker-protected drives on Windows 11 using a straightforward USB key. The researcher expressed their disbelief at the situation, stating, “Just can’t come up with an explanation besides the fact that this was intentional. Also, for whatever reason, only Windows 11 (+Server 2022/2025) is affected; Windows 10 is not.”
Microsoft’s Acknowledgment and Response
In response to the exploit, Microsoft has publicly acknowledged its awareness of the security feature bypass vulnerability within Windows. The company is tracking the YellowKey zero-day exploit under the identifier CVE-2026-45585 and has shared mitigation strategies to prevent unauthorized access to protected drives. Microsoft noted, “The proof of concept for this vulnerability has been made public, violating coordinated vulnerability best practices.”
Following these developments, Microsoft’s actions led to the banning of the GitHub account associated with Nightmare-Eclipse, prompting a transition to GitLab, as reported by Tom’s Hardware. In a detailed blog post, the researcher voiced their frustrations, stating, “So let me get this straight, when I actively asked you to communicate with me, you refused, humiliated me and made sure to insult me in front of people.”
Nightmare-Eclipse further elaborated on their grievances, claiming, “You defame me in public with your CVE-2026-45585 advisory even though you literally deleted the Microsoft account I used to report bugs to you with and I got zero pennies from doing so and I still happily did like an idiot.” They expressed their discontent with Microsoft’s handling of the situation, asserting, “Now you take the courtesy to flag my GitHub account and wipe it out of the public, just like that? You are proving to everyone that you actively escalating this conflict but I’m done begging you.”
As tensions escalate, Nightmare-Eclipse hinted at having evidence to support their claims, stating, “I might sound like crazy idiot who is whining around but I have proof for every single word I said, I just can’t release it yet. Why? Microsoft still has chains in my hands; it’s been like this for years, and I just can’t stay silent anymore. I hope I can release the documents soon.” They ominously noted, “Mark this date, July 14th, I will make sure your bones are shattered that day.”
The underlying issue appears to revolve around unpaid bounties from Microsoft’s MSRC program. Nightmare-Eclipse has indicated that their attempts to communicate with Microsoft have gone unanswered, leading to their frustration, as they lamented, “got zero pennies from doing so.”
For context, Microsoft’s MSRC program offers bounties ranging from ,000 to 0,000 for each endpoint zero-day, with potential rewards soaring to 0,000 for exploits that can bypass Hyper-V.
Join us on Reddit at r/WindowsCentral to share your insights and discuss our latest news, reviews, and more.
