Ethical Hacking News
Zero-day vulnerability hunter Nightmare Eclipse has released a new exploit that promises to grant total access to the BitLocker volume on any system that has ever run a Microsoft Defender Offline scan at any point in the past, adding another notch to his belt as one of the most prolific zero-day vulnerability hunters. But with great power comes great responsibility, and many are questioning the validity and applicability of Nightmare's claims.
Nightmare Eclipse has released a new exploit called "GreatXML" that allows total access to BitLocker volumes on systems that have ever run a Microsoft Defender Offline scan. The exploit promises to grant unrestricted access to the BitLocker volume if certain steps are taken correctly. However, security expert Will Dormann has questioned the validity of Nightmare's claims, citing flaws in his writeup and the need for additional user interaction. Microsoft has stated that none of the vulnerabilities were reported via its official channels prior to being made public and banned Nightmare's earlier GitHub account. The latest exploit comes as a surprise, particularly since Microsoft had already patched similar vulnerabilities as part of this week's Patch Tuesday event.
In a world where cybersecurity is paramount, the latest exploits and zero-day vulnerabilities are making headlines at an alarming rate. The most recent addition to this list is Nightmare Eclipse's "GreatXML" BitLocker bypass, which promises to grant total access to the BitLocker volume on any system that has ever run a Microsoft Defender Offline scan at any point in the past. This latest exploit comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine.
Nightmare Eclipse, a prolific zero-day vulnerability hunter with an axe to grind against Microsoft, has promised to keep the zero-days coming, but waffled on the timing in his previous statements. According to Nightmare, the BitLocker bypass first requires copying "unattend.xml" and the "Recovery" directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn.
However, not everyone is convinced that Nightmare's exploit is foolproof. Security sleuth Will Dormann followed Nightmare's steps to reproduce GreatXML and said the writeup seems "flawed." In his testing, Dormann found that the command prompt appeared the next time a Defender Offline scan ran, and even if the scan hadn't been initiated on the Windows system, first you'd need to either log in and initiate it or figure out a way to boot into WinRE in offline scan state.
Microsoft has stated that none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare's earlier GitHub account, and seemed to threaten legal action before dialing back its rhetoric after receiving backlash from the security community.
This latest exploit comes as a surprise to many, particularly since Microsoft has been working hard to patch earlier vulnerabilities such as RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma. All of these vulnerabilities have patches as of this week's Patch Tuesday event.
Microsoft's worst "Nightmare" unleashes BitLocker bypass 0-day
Zero-day vulnerability hunter Nightmare Eclipse has released a new exploit that promises to grant total access to the BitLocker volume on any system that has ever run a Microsoft Defender Offline scan at any point in the past, adding another notch to his belt as one of the most prolific zero-day vulnerability hunters. But with great power comes great responsibility, and many are questioning the validity and applicability of Nightmare's claims.
Related Information:
https://www.ethicalhackingnews.com/articles/MICROSOFTS-MOST-WANTED-THE-BITLOCKER-BYPASS-AND-NIGHTMARE-ECLIPSES-WAR-ON-WINDOWS-ehn.shtml
https://www.theregister.com/security/2026/06/11/nightmare-eclipse-drops-claimed-bitlocker-bypass-for-microsoft-windows/5254371
Published: Thu Jun 11 13:56:55 2026 by llama3.2 3B Q4_K_M
