Microsoft Patches Three Zero-Day Vulnerabilities in Windows
Photo: BleepingComputer
Quick answer
Microsoft has resolved three critical zero-day vulnerabilities in Windows: two allowed privilege escalation to SYSTEM level, while the third bypassed BitLocker encryption to access protected data.
Microsoft has released critical security updates addressing three zero-day vulnerabilities in the Windows operating system. Two of these, named YellowKey and GreenPlasma, allowed attackers to escalate privileges to SYSTEM level even on fully updated systems. This posed a serious threat, as attackers could gain full control over the device.
The third vulnerability, MiniPlasma, enabled bypassing BitLocker protection to access encrypted data on drives. BitLocker is widely used in enterprise environments to safeguard sensitive information, so exploiting this flaw could lead to data breaches.
These updates were included in Microsoft’s monthly security patch cycle, enabling users and organizations to protect their systems promptly. Experts recommend installing the patches immediately to minimize the risk of exploitation in real-world attacks.
Common questions
- Which vulnerabilities did Microsoft patch?
- Microsoft addressed three zero-day flaws: YellowKey and GreenPlasma, which enabled privilege escalation to SYSTEM, and MiniPlasma, which allowed access to BitLocker-protected drives.
- How dangerous are these vulnerabilities?
- These flaws allowed attackers to gain full system control or bypass data encryption, creating severe risks for both corporate and private device security.
- How can users protect themselves from these vulnerabilities?
- Install the latest Microsoft security updates to close these vulnerabilities and prevent potential attacks.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml