privilege escalation

Winsage
July 14, 2026
Microsoft released its July 2026 Patch Tuesday cumulative updates for Windows 11, addressing numerous security vulnerabilities and enhancing Secure Boot functionalities. The updates include: - KB5101650 for Windows 11 25H2 and 24H2, updating systems to builds 26200.8875 and 26100.8875. - KB5101649 for Windows 11 26H1, updating devices to build 28000.2525. The release addresses a total of 622 Microsoft Common Vulnerabilities and Exposures (CVEs), including: - 416 vulnerabilities in Windows. - Fixes for Microsoft Office, Edge, Exchange Server, SharePoint Server, SQL Server, Defender, and Azure services. Key vulnerabilities fixed include: - CVE-2026-50661: A BitLocker Security Feature Bypass vulnerability. - CVE-2026-56155: An AD FS Elevation of Privilege vulnerability that has been exploited. - CVE-2026-56164: A SharePoint Server Elevation of Privilege vulnerability. The updates also introduce new Secure Boot certificates, rectify issues from previous patches affecting third-party applications, and incorporate curl 8.21.0 for security improvements. Users are advised to back up data before installation, which requires a system reboot.
Winsage
June 15, 2026
A cybersecurity researcher known as “Nightmare Eclipse” has revealed two zero-day exploits threatening Windows systems: RoguePlanet and GreatXML. RoguePlanet targets Microsoft Defender, allowing attackers to execute privileged actions and gain SYSTEM-level access on Windows machines. It is a local privilege escalation vulnerability that remains effective on fully updated systems. GreatXML claims to bypass BitLocker disk encryption by manipulating the Windows Recovery Environment, potentially granting access to protected files. However, its effectiveness may be overstated, as it might require administrator-level access. Microsoft advises organizations to implement security updates, treat lost or accessible devices as high-risk, enforce stricter policies, and monitor threat intelligence to mitigate exposure to these vulnerabilities.
Winsage
June 12, 2026
Nightmare-Eclipse, also known as Chaotic-Eclipse, has introduced two new exploits: RoguePlanet and GreatXML. RoguePlanet exploits a vulnerability in Windows Defender, allowing attackers to gain SYSTEM user access privileges by tricking a user into executing a script. This access enables attackers to execute commands beyond standard Administrator capabilities, siphon sensitive data, and install malware. GreatXML provides a method for bypassing BitLocker encryption by creating a specially crafted "unattend.xml" file and a "Recovery" directory on the Windows recovery partition. Microsoft has shifted its stance from threatening legal action against Eclipse and is now monitoring the situation, while Eclipse has postponed a planned mass disclosure of zero-day Windows vulnerabilities initially set for July 14 due to delays in developing RoguePlanet.
Winsage
June 11, 2026
Security researcher Chaotic Eclipse has released a Windows BitLocker bypass tool named GreatXML, following a previously disclosed exploit targeting Microsoft Defender. The discovery was made accidentally and took four hours. A critical vulnerability exists for users who have used the Windows Defender Offline Scan feature, making them susceptible to the BitLocker bypass. The exploit involves copying an XML file and a recovery folder to the recovery partition and rebooting into the Windows Recovery Environment (WinRE). If the Defender offline scan was not initiated, users must log in to start it or find a way to boot into WinRE in offline scan state. GreatXML is the second BitLocker bypass tool released by Chaotic Eclipse, following the earlier exploit known as YellowKey (CVE-2026-45585), which has been patched by Microsoft.
Winsage
June 11, 2026
The June update for Windows 11, identified as KB5094126 (OS Builds 26200.8655 and 26100.8655), introduces significant enhancements and numerous bug fixes and security patches. A key feature is a low-latency profile that improves responsiveness of core system elements like the Start Menu and Search by allowing the CPU to quickly reach maximum clock speed upon user interaction. This update also refines the Start Menu, improves app launch speeds, and addresses longstanding issues such as faster downloads from the Windows Store and optimized Windows Search results. New features include multi-app camera support, Shared Audio functionality for streaming to multiple Bluetooth devices, and the ability to personalize user folder names during installation. Additionally, the update resolves 206 security vulnerabilities, including a critical kernel-level remote code execution vulnerability (CVE-2026-45657) with a threat score of 9.8.
Search