RSS

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Bender1 pts0 comments

Nightmare Eclipse drops claimed BitLocker bypass for Microsoft Windows

Jump to main content

Search

REG AD

Security

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Another day, another Windows exploit code

Jessica Lyons

Jessica<br>Lyons

Published<br>thu 11 Jun 2026 // 18:51 UTC

Nightmare Eclipse, the prolific zero-day vulnerability hunter with an axe to grind against Microsoft, released yet another exploit late Wednesday that the researcher claims will spawn a command prompt that provides total access to the BitLocker volume.<br>This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past.<br>GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event.

REG AD

REG AD

Redmond on Wednesday told The Register that it is aware of RoguePlanet, and “actively investigating the validity and potential applicability of these claims.” The Windows giant didn’t immediately respond to our inquiries about GreatXML, including when it planned to issue a patch.<br>Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare’s earlier GitHub account, and seemingly threatened legal action before dialing back its rhetoric after steep backlash from the security community.

MORE CONTEXT

Angry bug hunter with Microsoft beef drops new Windows 0-day

Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures

Microsoft reaches for olive branch after public dustup with 0-day researcher

Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops

Nightmare Eclipse, who some researchers suggest is an ex-Microsoft employee, harbors a very personal grudge against the Windows giant and its communications with bug hunters. They have promised to keep the zero-days coming, but waffle on the timing.<br>Last month, the researcher pledged a big July 14 drop: “I will make sure your bones are shattered that day,” and then added, “nothing will be released this June (or maybe I will release smtg, depending on circumstances).”<br>On Tuesday, they changed course. “I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg.”<br>A day later, Nightmare released the “accidental” GreatXML BitLocker bypass.<br>According to the researcher, the BitLocker bypass first requires copying “unattend.xml” and the “Recovery” directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. “If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn,” Nightmare wrote.<br>Also, if the scan hasn’t even been initiated on the Windows system, first you’d need to either log in and initiate it, or “figure out a way to boot into WinRE in offline scan state.”

REG AD

Security sleuth Will Dormann followed Nightmare’s steps to reproduce GreatXML, and said the writeup seems “flawed.” In his testing, Dormann said the command prompt appeared the next time a Defender Offline scan ran.<br>“And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials,” he wrote on social media. “And if you've already got that level of access, you can just turn off bitlocker.”<br>“The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past,” Dormann added. “And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.” ®

bitlocker<br>security<br>microsoft<br>windows defender<br>zero-day

REG AD

ai and ml

Google's new open-weights model brings image-generation tricks to AI text generation

Language model builds on diffusion tech to boost output performance by up to 4x, claims Chocolate Factory

Security

Microsoft's worst 'Nightmare' unleashes BitLocker bypass 0-day

Another day, another Windows exploit code

ZTE wins three Selular Award 2026 honors for AI-powered network innovation

PARTNER CONTENT: Recognized for breakthrough achievements in FWA, Network Ecosystem, and...

microsoft nightmare bitlocker windows bypass another

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.