GreatXML Zero-Day Enables BitLocker Bypass Through Windows Defender Offline Scan
Quote: A newly disclosed zero-day vulnerability dubbed “GreatXML” is raising serious concerns across the Windows security ecosystem, as it enables a practical BitLocker bypass by abusing the Windows Defender Offline Scan mechanism and Windows Recovery Environment (WinRE).

The issue, published by a researcher known as “MSNightmare” (Nightmare Eclipse), demonstrates how systems that have previously initiated a Defender Offline Scan can be left in a persistently weakened state, allowing attackers with physical access to gain unrestricted access to encrypted volumes without authentication.

GreatXML Zero-Day Enables BitLocker Bypass

According to the publicly released proof-of-concept (PoC) and accompanying repository, the vulnerability hinges on how Windows handles recovery boot configurations and unattended setup files during offline scanning scenarios.

Specifically, attackers can place a crafted “unattend.xml” file alongside a modified Recovery directory at the root of the system’s recovery partition.
