Researcher Discloses GreatXML Exploit That Bypasses BitLocker via Recovery Partition

Summary

A security researcher has released GreatXML, a technique that can circumvent Windows BitLocker encryption by exploiting XML files on the recovery partition, particularly after using Defender Offline Scan.

A security researcher known as Chaotic Eclipse has published a new method, dubbed GreatXML, that can bypass Windows BitLocker encryption. The technique leverages XML files placed on the recovery partition and requires the system to have run a Windows Defender Offline Scan.

The exploit involves copying an "unattend.xml" file and a recovery folder containing "Recovery/WindowsRE/ReAgent.xml" to the root of the recovery partition, then rebooting into the Windows Recovery Environment (WinRE) by holding Shift while selecting Restart. When executed correctly, the process spawns a command shell with unrestricted access to the encrypted volume.

"If you ever attempted to use Windows Defender Offline Scan, you're automatically vulnerable to a BitLocker bypass," the researcher wrote in a blog post. "If Defender Offline Scan was never initiated, then you have to either log in and initiate it yourself or figure out a way to boot into WinRE in offline scan state and follow the steps above."

GreatXML follows earlier disclosures by the same researcher, including a zero-day flaw in Microsoft Defender that allowed local privilege escalation and a prior BitLocker bypass named YellowKey (CVE-2026-45585), for which Microsoft issued patches in its recent Patch Tuesday updates.

Source

The Hacker News