Patch status is not your risk variable
Operator brief on yellowkey and greenplasma, two public Windows 11 zero-days from the bluehammer and redsun researcher. What failed. What must now be true.
Opening position
Two Windows 11 zero-days are public. Yellowkey bypasses BitLocker. Greenplasma is a local privilege escalation. The release came from the same researcher who previously dropped bluehammer and redsun. Vendor patch status at time of disclosure is not confirmed. Coordinated disclosure with Microsoft is not confirmed. Treat both as live against Windows 11 endpoints until proven otherwise.
The operational meaning is narrow and specific. Two control boundaries on Windows 11 are publicly identified as crossable by the researcher’s own claim. One boundary is data-at-rest encryption. The other is privilege separation between user and SYSTEM. Both are foundational. Neither is a defense-in-depth layer that can absorb the loss of an adjacent control. The number of weaponised samples in the wild is not confirmed. The number of distinct attacker groups in possession of working code is not confirmed. Absence of confirmation is not absence of risk.
The source matters for triage. A researcher with a prior track record of unilateral drops has now delivered a third and fourth artifact in the same pattern. The pattern itself is the signal. Build the response around the assumption that more is coming from the same source, on the same platform, on the same release cadence. Duration of researcher activity, motive specifics, and target selection are not confirmed and must not drive planning. Public availability of working code is the variable that changes risk. That variable has moved.
What actually failed
Yellowkey crosses the BitLocker boundary. The externally observable consequence is that encrypted-at-rest protection on affected Windows 11 hosts cannot be assumed to hold against an attacker with the conditions yellowkey requires. The required conditions, including physical access, firmware state, TPM binding mode, recovery key handling, and pre-boot authentication posture, are not confirmed. Whether the bypass operates against TPM-only, TPM with PIN, or USB-key configurations is not confirmed. Affected build numbers and feature update versions are not confirmed. What is confirmed is that the encrypted-at-rest property is now contested on this platform.
Greenplasma crosses the privilege boundary on the same platform. The externally observable consequence is that code running in a standard user context can be elevated to a higher privilege context. The exact target context, including SYSTEM, TrustedInstaller, or kernel, is not confirmed. The component abused, the syscall surface touched, and the exploitation primitive used are not confirmed. Prerequisites for successful exploitation, including required APIs, group memberships, or local state, are not confirmed. What is confirmed is that user-to-elevated transition on Windows 11 is no longer governed by the designed control alone.
The joint failure is the relevant one. A local privilege escalation paired with a BitLocker bypass changes the assumed cost of physical or local access. The two artifacts are individually scoped, but they are published by the same actor against the same operating system in the same release. Whether they chain operationally is not confirmed. They do not need to chain to matter. Each one independently invalidates a control most Windows 11 deployments treat as load-bearing.
Why it failed
The control state changed because exploit knowledge moved from private to public. Yellowkey and greenplasma may have been viable for an unknown period before release. That period is not confirmed. What is confirmed is that the period of restricted knowledge ended on disclosure. A control whose effectiveness depended on the secrecy of an implementation flaw is, by definition, no longer effective once that flaw is published. This is the failure mode being observed. It is not a misconfiguration. It is the public exposure of a defect in the enforcement layer itself.
Vendor response status is not confirmed at the point of this writing. Whether a patch is available, in development, or unscheduled is not confirmed. Whether mitigations have been published by Microsoft is not confirmed. The absence of a confirmed patch is itself the operative condition. Defenders are operating without the vendor remediation that the control’s design assumes will be present. The control did not fail in the sense of being misapplied. The control failed in the sense that the conditions for its continued effectiveness no longer hold.
Disclosure intent is not confirmed and is not relevant to control state. The researcher’s motivation, prior conduct, and relationship with the vendor do not change the technical reality on affected hosts. Whether proof-of-concept code, full exploit code, or only written description was released is a material variable. The specific contents of the drop are not confirmed in this brief and must be verified directly from primary sources before scoping response. Treat the disclosure as sufficient to enable capable attackers until the contents are reviewed and the gap to weaponisation is measured.
Mechanism of Failure or Drift
The drift is not in the exploits. The drift is in who controls the release schedule for defects in Windows 11. The designed model assumes the vendor sets the timeline between defect identification and public knowledge of that defect. That timeline is the window in which compensating controls, telemetry tuning, and managed rollouts are executed. Yellowkey and greenplasma did not enter the public domain through that timeline. They entered through a single external actor operating on their own cadence. The control that drifted is the vendor’s exclusive authority over disclosure timing on its own platform.
The second failure is in the assumption that high-value defects on a mass-deployed operating system require coordinated infrastructure to weaponise. A BitLocker bypass and a local privilege escalation are not theoretical primitives. They map to operations that defenders model in their threat libraries already. The mechanism here is that the gap between disclosure and operational use shortens whenever the released artifact reduces the engineering work required to reproduce the primitive. Whether the released artifacts include working code, partial code, or description only is not confirmed. Until that variable is established from primary sources, plan for the shorter gap.
The third element of drift is positional. The same researcher has now made four releases against the same vendor in the same pattern. Bluehammer and redsun set the precedent. Yellowkey and greenplasma extend it. The mechanism is that an external party has demonstrated a sustained capability to identify exploitable defects in the platform and a sustained willingness to publish them outside vendor coordination. The drift is not from one event. It is from a series of events that establish a release channel which the vendor does not control and which defenders must now factor into platform risk modelling. Continuity of researcher activity is not confirmed. The historical record of four releases is.
Expansion into Parallel Pattern
The parallel pattern is platform exposure governed by a third party. Yellowkey and greenplasma are the current instance. Bluehammer and redsun are the prior instance. Same researcher. Same target operating system. Same disclosure mode. The mechanism is identical across all four releases: defect identification outside the vendor, publication outside the vendor, and defender exposure beginning on publication. The pattern is not the specific vulnerabilities. The pattern is that the conditions for emergence are repeating. Where conditions repeat, expected frequency increases until the conditions change.
The same mechanism applies anywhere a control depends on the secrecy of an implementation flaw for its enforcement. BitLocker is one example on Windows 11. The privilege boundary between standard user and elevated context is another example on the same platform. Both controls are designed against an attacker who does not know the specific defect being exploited. Once the defect is public, the design assumption is invalidated for that specific path. The pattern generalises to any boundary whose enforcement relies on the attacker lacking a specific piece of information. Identity boundaries, execution context separations, and data-at-rest protections all fall into this category when their resilience is tied to undisclosed implementation details rather than to architecture that holds under disclosure.
The operational consequence of the parallel is that two boundaries on Windows 11 are now in the same state. The data-at-rest boundary is contested. The user-to-elevated boundary is contested. A defender modelling one as load-bearing while the other is contested has misread the environment. Whether yellowkey and greenplasma chain is not confirmed. Whether they need to chain is the wrong question. The pattern is that the same researcher has produced two artifacts in one release that independently invalidate two foundational assumptions on the same operating system. Plan for the next release in the pattern to do the same against a different pair of boundaries. The specific targets of any future release are not confirmed and must not drive current scoping.
Hard Closing Truth
BitLocker on affected Windows 11 hosts is not currently a confirmed encrypted-at-rest control. It is a control under public challenge. The boundary it enforces must be treated as contested until the vendor confirms a fix and that fix is deployed on the host in question. Compensating posture on physical custody, lost device handling, decommissioning, and asset recovery must be re-evaluated against the assumption that the BitLocker layer may not hold. The specific conditions yellowkey requires are not confirmed. The absence of those conditions in your environment is also not confirmed until your environment is measured against them.
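Measuring the environment against the unconfirmed conditions starts with knowing, per host, which BitLocker protector set is actually in place: TPM-only unattended unlock, TPM with PIN, TPM with startup key, or recovery-only. The following PowerShell script is an added example written for this brief, not code from the researcher or from Microsoft. It assumes the built-in BitLocker and TrustedPlatformModule modules (Get-BitLockerVolume, Get-Tpm) are available and that it runs elevated; the function name Get-BitLockerPosture and the CSV output path are hypothetical choices for illustration.

```powershell
# Added example (not part of the original brief): inventory BitLocker protector
# posture on the local host so that "TPM-only vs TPM+PIN vs USB key" is a measured
# fact rather than an assumption. Assumes Get-BitLockerVolume and Get-Tpm exist
# (built-in modules on Windows 10/11) and that the session is elevated.

function Get-BitLockerPosture {
    [CmdletBinding()]
    param()

    # TPM state is reported once per host; a missing or unready TPM changes
    # which protector types are even possible.
    $tpm = $null
    try {
        $tpm = Get-Tpm
    } catch {
        Write-Warning "Get-Tpm unavailable: $($_.Exception.Message)"
    }

    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values (documented enum): Tpm, TpmPin, TpmStartupKey,
        # TpmPinStartupKey, ExternalKey, Password, RecoveryPassword, Adaccount.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Classify pre-boot authentication from the protector set. Anything that
        # requires a secret before the OS loads is listed first; plain 'Tpm' means
        # the volume unlocks unattended, which is the posture to flag while the
        # bypass preconditions remain unconfirmed.
        $preboot =
            if (($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')) { 'TPM+PIN' }
            elseif ($types -contains 'TpmStartupKey')                                 { 'TPM+StartupKey' }
            elseif ($types -contains 'ExternalKey')                                   { 'StartupKey only' }
            elseif ($types -contains 'Password')                                      { 'Password' }
            elseif ($types -contains 'Tpm')                                           { 'TPM-only (unattended unlock)' }
            else                                                                      { 'None / recovery-only' }

        [PSCustomObject]@{
            ComputerName            = $env:COMPUTERNAME
            MountPoint              = $vol.MountPoint
            VolumeType              = $vol.VolumeType
            VolumeStatus            = $vol.VolumeStatus
            ProtectionStatus        = $vol.ProtectionStatus
            EncryptionMethod        = $vol.EncryptionMethod
            PrebootAuth             = $preboot
            Protectors              = ($types -join ',')
            RecoveryPasswordPresent = ($types -contains 'RecoveryPassword')
            TpmPresent              = if ($tpm) { $tpm.TpmPresent } else { $null }
            TpmReady                = if ($tpm) { $tpm.TpmReady }   else { $null }
        }
    }
}

# Usage: collect once, show it, and write a CSV for fleet-wide aggregation.
# The output path is a placeholder; point it at whatever your collector ingests.
$posture = Get-BitLockerPosture
$posture | Format-Table -AutoSize
$posture | Export-Csv -Path "$env:TEMP\bitlocker-posture.csv" -NoTypeInformation

# Quick triage view: OS volumes that unlock unattended or are not protected at all.
$posture |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' -and
                   ($_.PrebootAuth -like 'TPM-only*' -or $_.ProtectionStatus -ne 'On') } |
    Format-Table ComputerName, MountPoint, ProtectionStatus, PrebootAuth -AutoSize
```

Run it through your existing remote execution channel (Invoke-Command, an EDR script runner, or Intune) rather than host by host; the value is in the aggregated distribution of PrebootAuth across the fleet, which is what the compensating-posture decision on physical custody and lost-device handling has to be made against.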
The privilege boundary on Windows 11 is in the same state. Code execution in a standard user context must not be modelled as separated from elevated context by the designed control alone. Any control architecture that places trust weight on user-context isolation, including endpoint detection logic that assumes a malicious process cannot reach SYSTEM without observable steps, must be reviewed against the possibility that the transition occurs through greenplasma without those steps. The exact primitive greenplasma uses is not confirmed. The result it produces is confirmed by the researcher’s own claim. Plan against the result, not the primitive.
Identity is the boundary. When the boundary moves, the trust model moves with it. Two boundaries on Windows 11 have moved in a single release. The vendor has not confirmed remediation. The researcher has demonstrated a four-release pattern of unilateral disclosure on this platform. Treat the current state as the new operating condition until a patch is confirmed, deployed, and verified on each affected host. Controls that depended on yellowkey and greenplasma not existing are no longer controls. Replace them, compensate around them, or accept the exposure explicitly. There is no fourth option.