BitLocker Archives

Winsage

June 12, 2026

Popular Windows 11 file manager Files gets improved tags, layouts, and new OneDrive icon

Files, a third-party file manager for Windows 11, has been updated to version 4.1.3, introducing several enhancements: - A "View size" button for each folder allows users to calculate folder sizes easily without changing settings. - File selection is retained when switching between different layouts. - Tag management has been streamlined, allowing users to remove tags via the context menu, toolbar, or Command Palette. - The OneDrive icon has been updated to reflect the current version from the OneDrive executable. - Bug fixes include resolving issues with tar archive extraction, crashes on the Signatures page, ensuring the Play action for single media files, correcting Smart Extract functions, addressing tag search issues, refreshing thumbnails, and displaying previously hidden BitLocker-locked drives. - A new Tree View sidebar feature is planned for future updates, enabling navigation of folders in an expandable hierarchy. Files can be downloaded from the Microsoft Store (paid version) or accessed through its official website (free version).

Winsage

June 11, 2026

Microsoft refuses to add this File Explorer feature, so the Files app stepped up

The Files app has introduced a feature in version 4.1.3 that allows users to calculate folder sizes on demand, which was not available in Windows 11's File Explorer. Users can toggle this option in Settings, and when disabled, a View size button appears in the Size column for easy access. The app now retains selection across different layouts, ensuring previously selected items remain highlighted. It also offers multiple methods for clearing tags from files, including options from the context menu, toolbar, and Command Palette. Additionally, the update features a refreshed OneDrive icon that reflects current branding, and several fixes have been implemented, including resolving issues with extracting tar archives and correcting display problems for BitLocker locked drives.

Winsage

June 11, 2026

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files

Security researcher Chaotic Eclipse has released a Windows BitLocker bypass tool named GreatXML, following a previously disclosed exploit targeting Microsoft Defender. The discovery was made accidentally and took four hours. A critical vulnerability exists for users who have used the Windows Defender Offline Scan feature, making them susceptible to the BitLocker bypass. The exploit involves copying an XML file and a recovery folder to the recovery partition and rebooting into the Windows Recovery Environment (WinRE). If the Defender offline scan was not initiated, users must log in to start it or find a way to boot into WinRE in offline scan state. GreatXML is the second BitLocker bypass tool released by Chaotic Eclipse, following the earlier exploit known as YellowKey (CVE-2026-45585), which has been patched by Microsoft.

Winsage

June 11, 2026

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Nightmare Eclipse has released a new zero-day vulnerability exploit called GreatXML, which allows unrestricted access to BitLocker volumes on Windows systems that have previously run a Microsoft Defender Offline scan. This discovery was made in four hours and adds to Nightmare Eclipse's total of eight zero-day vulnerabilities. Microsoft is investigating the claims related to another exploit, RoguePlanet, but has not commented on GreatXML or provided a patch timeline. Nightmare Eclipse, rumored to be a former Microsoft employee, has faced backlash from the security community for previous disclosures and has vowed to continue releasing vulnerabilities. Security expert Will Dormann has raised concerns about the practicality of the GreatXML exploit, noting that it requires administrative access and questioning the accuracy of the instructions provided by Nightmare.

Winsage

June 11, 2026

Microsoft fixes BitLocker recovery bug on Windows Server 2025

Microsoft has resolved an issue affecting certain Windows Server 2025 devices that were booting into BitLocker recovery mode after the April 2026 security update. This issue was linked to specific BitLocker Group Policy configurations and required users to input their BitLocker recovery key upon the first restart after the update. However, this key would only need to be entered once for subsequent restarts, provided the group policy configuration remained unchanged. The problem primarily affected enterprise systems rather than personal devices. The issue arose under specific conditions: BitLocker was enabled on the operating system drive, a particular Group Policy was set, the Secure Boot State PCR7 Binding was "Not Possible," the Windows UEFI CA 2023 certificate was present, and the device was not already using the 2023-signed Windows Boot Manager. Microsoft released fixes in the KB5094125 and KB5093998 updates to address this problem, preventing devices with incompatible group policy configurations from installing the 2023-signed Windows Boot Manager. Event ID 1032 in the System event log indicates the issue when Windows updates are installed. For IT administrators unable to deploy the latest updates, it is recommended to remove the Group Policy configuration before installing updates or to implement a Known Issue Rollback (KIR) on affected devices. Additionally, Microsoft had previously addressed similar BitLocker recovery issues in August 2024 and May 2025.

Winsage

June 11, 2026

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

A new zero-day exploit named RoguePlanet has been discovered targeting Microsoft’s Windows operating system, disclosed by security researcher Nightmare Eclipse. The exploit allows local privilege escalation (LPE) by exploiting a race condition in Microsoft Defender and can facilitate remote code execution (RCE) through deceptive .vhd(x) files. RoguePlanet may also bypass BitLocker encryption. The proof-of-concept has been tested on Windows 10 and Windows 11 systems but does not function on Windows Server, although the researcher believes all Windows Server versions are vulnerable. Following its release, RoguePlanet was confirmed by other researchers to spawn a command prompt with SYSTEM privileges on patched computers. This disclosure comes after Microsoft released patches for earlier exploits by Nightmare Eclipse, including GreenPlasma and YellowKey. The researcher has expressed dissatisfaction with Microsoft’s vulnerability disclosure process, alleging legal action against them and the suspension of their GitHub account, leading to the publication of RoguePlanet under a new account.

Winsage

June 11, 2026

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft announced an update addressing 206 security vulnerabilities, including 39 classified as Critical and 167 as Important. The vulnerabilities include 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, 7 denial-of-service, and 3 tampering vulnerabilities. Notable critical flaws include CVE-2026-45657 (use-after-free in Windows Kernel, CVSS score 9.8), CVE-2026-47291 (integer overflow in Windows HTTP.sys, CVSS score 9.8), and CVE-2026-44815 (stack-based buffer overflow in Windows DHCP Client, CVSS score 9.8). Microsoft also addressed vulnerabilities related to BitLocker bypass (CVE-2026-45585 and CVE-2026-50507) and introduced a new registry setting to mitigate risks associated with CVE-2026-49160 (denial-of-service vulnerability). The increase in patches is attributed to the use of artificial intelligence in vulnerability discovery, with the current year's reported vulnerabilities surpassing the total from all of 2018.

Winsage

June 10, 2026

Microsoft’s biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days

Microsoft's recent Patch Tuesday release addressed 206 security vulnerabilities, marking the largest update since the program began in October 2003. Among these, 32 vulnerabilities are classified as critical, including three zero-day vulnerabilities that were disclosed before patches were available, though none are reported to be actively exploited. Notable vulnerabilities include: - CVE-2026-50507 in Windows BitLocker, with a CVSS score of 6.8, allowing unauthorized bypass of security features through physical attacks. - CVE-2026-49160 in HTTP.sys, with a CVSS score of 7.5, which can be exploited for remote denial-of-service attacks. - CVE-2026-45586 in the Windows Collaborative Translation Framework (CTFMON), with a CVSS score of 7.8, which could grant SYSTEM privileges to attackers.

Winsage

June 10, 2026

Microsoft patches record 198 Windows bugs in June update – and 3 are zero days

Microsoft's latest Patch Tuesday addressed 198 security vulnerabilities, the most extensive update in recent memory. Among these, 32 flaws are classified as critical, and three are zero-day vulnerabilities. The updates are detailed in KB articles: KB5094126 for Windows 11 versions 24H2 and 25H2, KB5093998 for version 23H2, and KB5094127 for Windows 10. The updates will automatically download and install, but users must verify their installation status and reboot their computers for changes to take effect. The vulnerabilities addressed this month are attributed to advancements in artificial intelligence, with companies like Microsoft leveraging AI models to expedite the identification and resolution of security flaws. The three zero-day vulnerabilities include one that allows an attacker to gain Windows System privileges through a flaw in file link resolution, another that could facilitate a denial-of-service attack via an HTTP vulnerability, and a third related to a flaw in Windows BitLocker that could enable data capture from an unpatched PC. Additionally, the update introduces new features to Windows 11, including new Secure Boot certificates, a Low Latency Profile for enhanced performance, support for shared audio devices for multiple Bluetooth connections, webcam functionality across multiple applications, and the ability to assign a custom name to the user folder during setup.

Winsage

June 10, 2026

Windows 11’s June update shuts down an intentional BitLocker backdoor with full file access

Microsoft addressed three zero-day vulnerabilities identified by security researcher Nightmare-Eclipse, named YellowKey, GreenPlasma, and MiniPlasma. The YellowKey vulnerability allows access to BitLocker-protected drives on Windows 11 using a USB key, leading to allegations that Microsoft may have left a backdoor in BitLocker. Microsoft implemented a mitigation strategy included in the June 2026 Patch Tuesday updates, which addressed over 200 security flaws. Tensions arose between Microsoft and Nightmare-Eclipse regarding vulnerability reporting protocols and researcher compensation, with Microsoft initially threatening legal action against the researcher. Following backlash, Microsoft retracted the threat but tensions persisted. Nightmare-Eclipse claimed retaliation from Microsoft, including the banning of their GitHub account and deletion of their Microsoft account, which Microsoft denied. The situation highlights the ongoing challenges in cybersecurity and the relationship between tech companies and security researchers.