Mystery Microsoft bug leaker keeps the zero-days coming
95 points
by e12e
4 hours ago
| 8 comments
| theregister.com
| HN
ndiddy
2 hours ago
[-]
I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data. https://github.com/Nightmare-Eclipse/YellowKey/ You load a specific file onto a flash drive, plug it into a Bitlocker encrypted computer, reboot it while holding a key combination, and it pops up a command prompt with full access to the encrypted volume. There's no way this isn't a backdoor.
reply
aiscoming
1 hour ago
[-]
this exploit works only if you dont use a PIN/password for your Bitlocker and the volume automatically unlocks

so it gives you access to an encrypted volume which automatically unlocks anyway

the only difference is that it immediately gives you root access to the volume instead of having to go through the Windows login procedure - this might be a stolen laptop you dont have an account on

reply
ndiddy
50 minutes ago
[-]
The author claims the exploit also works with TPM+PIN, he just hasn't released the PoC:

> Second thing is, No, TPM+PIN does not help, the issue is still exploitable regardless, I asked myself this question, can it still work in a TPM+PIN environment ? Yes it does, I'm just not publishing the PoC, I think what's out there is already bad enough.

https://deadeclipse666.blogspot.com/2026/05/were-doing-silen...

reply
aiscoming
35 minutes ago
[-]
they might mean "after you enter the bitlocker PIN you get root access without having a login password on the system" - still just a privilege escalation bug
reply
iscoelho
2 minutes ago
[-]
That’s quite a stretch, to say the least.
reply
otterley
1 hour ago
[-]
> I think the Bitlocker "vuln" is a good reminder not to use vendor provided encryption for any sensitive data

I don't think that's true. Some vendors have a better track record than others. Nobody's popped the storage encryption on iOS or MacOS devices yet AFAIK; and the fact that it's tied to a hardware secure element makes it pretty strong.

reply
Veserv
49 minutes ago
[-]
Ah yes, the bizarro world where systems are normally unhackable so the default assumption is impenetrable security and you need to prove they are insecure.

Thank god this is not the world where things get hacked all the time and where any claim of meaningful security is a extraordinary claim that demands extraordinary evidence and proof before credibly asserting it, but everybody just ignores that part and just pinky promises it and everybody just believes them for the 104th time without evidence.

reply
otterley
36 minutes ago
[-]
Sarcasm is not welcome on Hacker News.

https://news.ycombinator.com/newsguidelines.html

Please read and follow the guidelines. If you have something substantive to contribute, like a story about it being popped, or a technical critique of Apple’s implementation, please do so.

You may also refer to Apple’s platform security white paper: https://help.apple.com/pdf/security/en_US/apple-platform-sec...

reply
thefz
1 hour ago
[-]
You mean aside from the NSA? https://en.wikipedia.org/wiki/PRISM
reply
otterley
1 hour ago
[-]
I don't see anything on the linked page that supports a conclusion that NSA has successfully broken the encryption at rest of an Apple device's storage since they introduced the secure element.

Care to share a quote?

reply
ffsm8
1 hour ago
[-]
Prism targeted network communication to my knowledge, hence the data wouldn't be siphoned from at rest encrypted devices. Instead it would've been leaked before it was copied to that local encrypted device, whenever it was transmitted over the wire. Eg when your background task uploaded it to iCloud or similar.
reply
dcrazy
55 minutes ago
[-]
It’s worth remembering that since Snowden, much of iCloud is now end-to-end encrypted using keys that Apple cannot unwrap: https://support.apple.com/guide/security/secure-icloud-keych...
reply
ffsm8
44 minutes ago
[-]
Fwiw, that's a clear statement - but only that.

There is no way for us, the users, to know wherever they have the capability to add additional keys to decrypt the data because the platform isn't open source and doesn't have attestation wrt what's actually serving the requests.

And it's worth remembering that apple had similar articles published before prism too which were ultimately proven to be groundless by prism.

reply
otterley
30 minutes ago
[-]
What, exactly, was proven to be groundless?
reply
NDlurker
2 hours ago
[-]
Oh cool. My brother's old laptop is locked. Maybe this will help
reply
Charon77
1 hour ago
[-]
Only affects win11
reply
NDlurker
1 hour ago
[-]
Haha I texted him about this and he said he already re-installed Windows. Bad timing. It was just a couple weeks ago he told me about this.
reply
taspeotis
1 hour ago
[-]
Windows 11 is almost 5 years old at this point
reply
__alexander
3 hours ago
[-]
So weird that GitHub requires a login to view their BlueHammer repo.

https://github.com/Nightmare-Eclipse/BlueHammer

reply
tsujamin
2 hours ago
[-]
That warning also doesn’t render right on my iPhone (the buttons are overlapping slightly), and I don’t recall seeing it on other repos. Is it new/bespoke?
reply
purpleidea
2 hours ago
[-]
It's so obvious that many of the bugs being found are/were most likely M$ backdoors.

There doesn't seem to be any other plausible explanation. The reckoning needs to come and people need to stop using their products for good.

Would love a whistleblower to explain which part of the government or company forced it.

reply
anonymars
2 hours ago
[-]
Haven't there been heaps of vulnerabilities cropping up all over recently, including CopyFail and Dirty Frag?
reply
aussieguy1234
2 hours ago
[-]
Could the Bitlocker vulnerability be a backdoor mandated by some government agency?
reply
NordStreamYacht
2 hours ago
[-]
Laid off Microsoft researcher?
reply
ChrisArchitect
2 hours ago
[-]
Related:

YellowKey Bitlocker Bypass Vulnerability

https://news.ycombinator.com/item?id=48114997

reply
quxuejun
2 hours ago
[-]
i think so~
reply