Mystery Microsoft bug leaker keeps the zero-days coming
Briefly

"Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine."
"When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that BitLocker acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files."
"Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification.""
"Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock."
Nightmare-Eclipse has released details of two Windows vulnerabilities after Microsoft’s Patch Tuesday update. YellowKey is described as a BitLocker bypass that requires loading specific files onto a USB drive and completing a key sequence to obtain unrestricted shell access on a BitLocker-protected machine. GreenPlasma is described as a privilege escalation flaw that grants SYSTEM access to attackers. Security experts warn that the vulnerabilities are serious, especially because substantial exploitation information was published. Although YellowKey requires physical access, bypassing BitLocker removes protection for stolen devices and can expose encrypted files. Mitigations include using a BitLocker PIN and enabling a BIOS password lock.
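
To check whether a machine already uses the BitLocker PIN mitigation cited above, the following added example (not from the original article or from Microsoft) lists each volume's key protectors and flags operating-system volumes that unlock with the TPM alone. It assumes an elevated PowerShell session with the built-in BitLocker module; the `$pinTypes` list and the finding strings are this example's own, and the BIOS password setting is vendor-specific and not covered.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker pre-boot authentication on the local machine.

# Key protector types that require a PIN before the volume is unlocked at boot.
$pinTypes = 'TpmPin', 'TpmPinStartupKey'

$report = foreach ($vol in Get-BitLockerVolume) {
    # Collect the protector type names (Tpm, TpmPin, RecoveryPassword, ...).
    $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasPin  = [bool]($types | Where-Object { $_ -in $pinTypes })
    $tpmOnly = ($types -contains 'Tpm') -and -not $hasPin

    # Order matters: a volume with protection off is reported first,
    # whatever protectors are configured on it.
    $finding =
        if     ($vol.ProtectionStatus -ne 'On')          { 'Protection off or suspended' }
        elseif ($vol.VolumeType -ne 'OperatingSystem')   { 'Data volume: pre-boot PIN not applicable' }
        elseif ($hasPin)                                 { 'OK: pre-boot PIN required' }
        elseif ($tpmOnly)                                { 'TPM-only: unlocks without user input' }
        else                                             { 'No TPM protector: review manually' }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        VolumeType = $vol.VolumeType
        Protection = $vol.ProtectionStatus
        Protectors = ($types -join ', ')
        Finding    = $finding
    }
}

$report | Format-Table -AutoSize

# A non-zero exit code lets a fleet-management tool collect non-compliant hosts.
$bad = @($report | Where-Object {
    $_.Finding -like 'TPM-only*' -or $_.Finding -like 'Protection off*'
})
if ($bad.Count -gt 0) { exit 1 }
```

A TPM+PIN protector can be added with `Add-BitLockerKeyProtector -MountPoint 'C:' -Pin $securePin -TpmAndPinProtector`, provided the "Require additional authentication at startup" policy permits a startup PIN.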
Read at theregister