Updated
Updated · Security Affairs · Jun 11
GreatXML Bypasses BitLocker With 2 Files, Granting SYSTEM Shell on Scanned Windows PCs
Updated
Updated · Security Affairs · Jun 11

GreatXML Bypasses BitLocker With 2 Files, Granting SYSTEM Shell on Scanned Windows PCs

3 articles · Updated · Security Affairs · Jun 11

Summary

  • Chaotic Eclipse published a working GreatXML proof of concept on June 10 that opens a full SYSTEM shell in Windows Recovery Mode and exposes the BitLocker-protected volume.
  • Two copied items—an unattend.xml file and a Recovery directory—let the exploit abuse Defender Offline Scan artifacts left on the recovery partition after WinRE malware scans.
  • Any machine that has ever run Defender Offline Scan is described as automatically vulnerable; the attack needs brief physical access or another way to write to the recovery partition.
  • No patch exists yet, and the researcher said systems that never used Offline Scan may still be exploitable if an attacker can force the required recovery state.
  • GreatXML follows RoguePlanet and several other recent Windows zero-days released amid Chaotic Eclipse's dispute with Microsoft over report handling, account access and compensation.

Sources

Security Affairs3h ago
Chaotic Eclipse's GreatXML Exploit Bypasses BitLocker via Defender Offline Scan, Grants SYSTEM Shell
it-connect.tech2h ago
RoguePlanet Zero-Day Hits Windows Defender After June Patch Tuesday
securityonline.info10h ago
GreatXML BitLocker Bypass: PoC Exploit Disclosed
4 Sources

Insights

What happens if the researcher's 'dead man's switch' releases more devastating Microsoft exploits after their public disappearance?
Is one researcher's vendetta against Microsoft exposing a fatal flaw in how all major software vulnerabilities are handled?

Related Stories

Microsoft Folds MDASH Into Security Control Plane With 100+ AI Agents at Build 2026
8d ago
Microsoft Drops Legal Threat Over Windows 11 BitLocker Zero-Day as Backlash Hits CVD Stance
9d ago
Microsoft Condemns 6 Windows Flaws Disclosure as Researcher Alleges It "Ruined" His Life
11d ago

Sources

4 total
Security Affairs3h ago
Chaotic Eclipse's GreatXML Exploit Bypasses BitLocker via Defender Offline Scan, Grants SYSTEM Shell
it-connect.tech2h ago
RoguePlanet Zero-Day Hits Windows Defender After June Patch Tuesday
securityonline.info10h ago
GreatXML BitLocker Bypass: PoC Exploit Disclosed
Show all 4 sources

Related Stories

Microsoft Folds MDASH Into Security Control Plane With 100+ AI Agents at Build 2026
8d ago
Microsoft Drops Legal Threat Over Windows 11 BitLocker Zero-Day as Backlash Hits CVD Stance
9d ago
Microsoft Condemns 6 Windows Flaws Disclosure as Researcher Alleges It "Ruined" His Life
11d ago