shell

Winsage
May 23, 2026
BitLocker, a security feature for data protection, has a vulnerability identified as CVE-2026-45585, also known as YellowKey, which allows unauthorized access to encrypted data on Windows 11 versions 24H2, 25H2, 26H1, and Windows Server 2025. This flaw does not compromise BitLocker’s encryption but affects the recovery environment supporting it. The vulnerability can be exploited locally through the Windows Recovery Environment (WinRE) by an attacker with physical access, who can trigger an unrestricted shell and access the BitLocker-protected volume. Microsoft has provided two mitigation strategies: modifying the WinRE image to remove the autofstx.exe entry and transitioning from TPM-only protection to a TPM+PIN requirement at startup. The exploit poses challenges for detection, as it occurs pre-boot and currently lacks vendor-published indicators of compromise. Organizations using BitLocker for unattended devices are particularly at risk, as the vulnerability can lead to loss of confidentiality if an attacker gains access before the legitimate user.
Winsage
May 22, 2026
A security researcher known as Nightmare-Eclipse revealed a vulnerability in Windows 11, named YellowKey, which allows attackers to access BitLocker-encrypted drives through the Windows Recovery Environment. Microsoft acknowledged the vulnerability, assigned it the identifier CVE-2026-45585, and criticized the public sharing of its proof of concept. Currently, there is no patch available for the BitLocker bypass, but the requirement for physical access to the device provides some protection. The vulnerability does not exist in Windows 10 due to differences in the Windows Recovery Environment. The attack requires a stolen Windows 11 laptop and a USB stick, and the vulnerable filesystems include NTFS, FAT32, and exFAT. Nightmare-Eclipse speculated that the bypass may function as a backdoor, while Microsoft referred to it as a "security feature bypass vulnerability."
Winsage
May 20, 2026
Microsoft has addressed the YellowKey vulnerability, a zero-day flaw in Windows BitLocker identified as CVE-2026-45585. This vulnerability allows unauthorized access to BitLocker-protected drives through a specific exploitation process involving 'FsTx' files. The flaw was disclosed by an anonymous researcher known as 'Nightmare Eclipse.' Microsoft has released mitigation strategies, including removing the autofstx.exe entry from the Session Manager's BootExecute REG_MULTI_SZ value and reestablishing BitLocker trust for WinRE. Additionally, users are advised to change BitLocker settings from "TPM-only" to "TPM+PIN" mode, requiring a pre-boot PIN for drive decryption, and to enable "Require additional authentication at startup" for unencrypted devices.
Winsage
May 18, 2026
Chaotic Eclipse has unveiled a proof-of-concept (PoC) for a Windows privilege escalation zero-day vulnerability, codenamed MiniPlasma, which targets the "cldflt.sys" component and could grant SYSTEM privileges on fully patched Windows systems. This vulnerability was initially reported to Microsoft by James Forshaw from Google Project Zero in September 2020. Although Microsoft was believed to have resolved it in December 2020 as part of CVE-2020-17103, further analysis indicates that the flaw remains unaddressed. Chaotic Eclipse demonstrated that the original PoC could still spawn a SYSTEM shell reliably on his machines. The vulnerability is believed to affect all versions of Windows, with confirmation that MiniPlasma opens a "cmd.exe" prompt with SYSTEM privileges on Windows 11 systems with the latest May 2026 updates, though it does not function on the latest Insider Preview Canary version. In December 2025, Microsoft addressed a separate privilege escalation flaw in the same component, identified as CVE-2025-62221, which had a CVSS score of 7.8 and was reportedly being exploited by threat actors.
Winsage
May 17, 2026
The utility simplifies Windows management by consolidating various settings and diagnostics into a single interface. It provides an overview of system metrics such as DNS latency, system uptime, and temporary file accumulation. The application includes dedicated pages for health checks, network insights, services, scheduled tasks, drives, drivers, power plans, gaming toggles, privacy settings, and taskbar configuration. Each diagnostic is executed through PowerShell scripts, with results displayed in a user-friendly format. The utility maintains transparency by creating .reg backups before modifying the registry and allows users to revert changes easily. It is open-source, lightweight, and designed for personal use rather than debloating. The program's structure enables users to inspect and modify scripts, ensuring clarity and control over system adjustments.
AppWizard
May 16, 2026
A group of six fifth-grade girls from P.S. 86 Kingsbridge Heights School won the Bronx championship in the Minecraft Education “Battle of the Boroughs,” competing against 3,395 students from 679 teams. They reached the Mayor’s Cup Final, where they presented a design for a cleaner, safer version of the Hunts Point Food Distribution Center. The team utilized Microsoft’s MakeCode for coding and emphasized teamwork and communication during their project. Key roles included Leeah Gonzalez as the speaker, Yafatou Bayo as the primary coder, and Zurisadai Quiroga-Vazquez as the presenter. The girls created a virtual version of their school with sustainable features and prioritized accessibility. Their teacher noted significant personal growth among the girls throughout the competition.
Winsage
May 16, 2026
The utility streamlines access to Windows diagnostics and tweaks, consolidating functionalities typically spread across various settings panels into a single interface. It features an overview page with key system metrics and organized sections for health checks, network details, services, scheduled tasks, drives, drivers, power plans, gaming settings, privacy options, and taskbar adjustments. Each diagnostic is executed via PowerShell scripts that output JSON data for display. The application ensures transparency in registry changes by creating .reg backups before modifications and allows users to revert changes easily. It focuses on practical tweaks rather than debloating, maintaining a lightweight design without extensive features. The tool is open source and available on GitHub.