A newly disclosed “GreatXML” exploit is reported to bypass Windows BitLocker protection by leveraging files on the system’s Recovery Partition. Multiple sources describe the exploit as targeting the way Windows handles Recovery Mode content, specifically XML files located in the Recovery Partition. The researcher credited with the discovery is described as Chaotic Eclipse (also known by aliases including Nightmare-Eclipse and MSNightmare). The discovery is also linked to earlier work involving Microsoft Defender’s Offline Scan: one account says the proof of concept (PoC) uses that offline scanning process to spawn a SYSTEM shell after rebooting in Recovery Mode, which then enables the BitLocker bypass. Another source frames the bypass as occurring through the use of recovery partition XML files. The reports note that the researcher released details shortly after publishing an exploit for Microsoft Defender, describing the work as an accidental find that took a limited amount of time. Across coverage, the common theme is that GreatXML uses a chain involving Recovery Mode and Defender-related offline behavior to achieve elevated access and circumvent BitLocker, with the PoC tied to recovery partition components. The reports do not describe a specific mitigation in the provided excerpts.
GreatXML exploit bypasses Windows BitLocker using Recovery Partition XML files
- A “GreatXML” exploit is reported to bypass Windows BitLocker.
- The exploit uses Recovery Partition XML files and involves booting into Windows Recovery Mode.
- The PoC is described as spawning a SYSTEM shell in connection with Microsoft Defender Offline Scan behavior.
- The researcher behind the disclosure is identified as Chaotic Eclipse (with multiple aliases).
- The disclosure follows an earlier public exploit related to Microsoft Defender, released shortly before GreatXML.
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first on SecurityWeek.