Microsoft rolled out fixes for three zero-day vulnerabilities this Patch Tuesday, two of which let attackers escalate to SYSTEM privileges on fully patched Windows machines. A third flaw opens the door to drives protected by BitLocker encryption.
The patches address what researchers have dubbed YellowKey, GreenPlasma, and MiniPlasma — names that reflect the severity of the underlying issues. The privilege escalation bugs are particularly nasty because they work against systems that are otherwise fully up to date, meaning there was no prior workaround for admins who had been keeping current with updates.
The BitLocker-related vulnerability is another headache for enterprise security teams. If an attacker can bypass BitLocker protections, they gain access to encrypted data without needing the recovery key — a scenario that undermines one of the most widely deployed disk encryption solutions in the corporate world.
Organizations should prioritize deploying these patches immediately, especially the privilege escalation fixes which are likely to see rapid exploitation once details become more widely known.
Source: Bleeping Computer
