As Hive Security describes it, the file “did exactly what it was designed to do—just in the wrong hands, at the wrong time, inside the one environment that BitLocker trusts to leave the keys alone”.
GreatXML is not an isolated disclosure. It is the seventh zero-day published since April 2026 by Nightmare Eclipse, a security researcher who has been in a public, months-long feud with Microsoft over its vulnerability handling process. The researcher has released each flaw alongside a working proof-of-concept (PoC), a practice Microsoft has condemned as putting customers “at unnecessary risk”.
Here is the full timeline of Nightmare Eclipse’s 2026 disclosures and their current status as of mid-June:
BlueHammer was a local privilege escalation (LPE) flaw in Windows Defender with a CVSS score of 7.8. RedSun and UnDefend attacked Defender’s cloud file rollback and signature update mechanisms, respectively. YellowKey was an earlier BitLocker bypass, and GreenPlasma was a CTFMON-based LPE that grants SYSTEM access.
Most recently, RoguePlanet, published a day before GreatXML, exploits a time-of-check to time-of-use (TOCTOU) race condition in Microsoft Defender to gain SYSTEM privileges on fully patched systems.
Microsoft’s June 9, 2026, Patch Tuesday fixed over 200 vulnerabilities, including six zero-days. Among Nightmare Eclipse’s disclosed exploits, two were addressed:
However, both RoguePlanet and GreatXML were left out of the update. As of the latest reporting, neither has an official patch or a CVE assignment.
The profile of a vulnerable system is surprisingly common. The exploit affects any Windows device using BitLocker in TPM-only mode where Microsoft Defender Offline Scan has been run at least once.
In TPM-only mode, the Trusted Platform Module automatically hands over the encryption key during boot, which is why the exploit works seamlessly once the machine is coerced into the trusted WinRE environment. The attacker does not need to know a password or possess a recovery key—just physical access to the laptop or workstation and enough time for a single reboot.
This makes laptops, portable workstations, and other mobile devices the primary targets for enterprise theft or a brief “evil maid” style attack. Servers are also affected, though the physical-access requirement makes them less likely targets in most threat models.
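The first of the two conditions above, BitLocker running in TPM-only mode, can be audited from the machine itself. The following PowerShell script is an added example, not code from the article or from Hive Security, and it assumes the built-in BitLocker module (`Get-BitLockerVolume`) and an elevated prompt. It reports every BitLocker volume whose only pre-boot protector is the TPM, which is the configuration the article names as eligible. The second condition, whether Defender Offline Scan has ever run, is deliberately not checked, because the article gives no method for determining it.

```powershell
# Added example (not from the article): find BitLocker volumes protected by
# a TPM-only key protector, i.e. no PIN or startup key in front of the TPM.
# Assumes the BitLocker PowerShell module is present and the shell is elevated.

function Get-TpmOnlyBitLockerVolumes {
    [CmdletBinding()]
    param()

    # Protector types that take part in pre-boot unlock. Recovery protectors
    # (RecoveryPassword, ExternalKey) are for recovery only and do not add
    # pre-boot authentication, so they are ignored for this classification.
    $preBootTypes = 'Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    foreach ($vol in Get-BitLockerVolume) {
        $types   = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $preBoot = @($types | Where-Object { $_ -in $preBootTypes })

        # TPM-only: at least one pre-boot protector exists and all of them are plain 'Tpm'.
        $tpmOnly = ($preBoot.Count -gt 0) -and
                   (@($preBoot | Where-Object { $_ -ne 'Tpm' }).Count -eq 0)

        [PSCustomObject]@{
            MountPoint       = $vol.MountPoint
            ProtectionStatus = $vol.ProtectionStatus   # On / Off
            VolumeStatus     = $vol.VolumeStatus       # e.g. FullyEncrypted
            Protectors       = ($types -join ',')
            TpmOnly          = $tpmOnly
        }
    }
}

# Usage: print the full inventory, then warn on volumes matching the eligible profile.
$report = Get-TpmOnlyBitLockerVolumes
$report | Format-Table -AutoSize

$exposed = @($report | Where-Object { $_.TpmOnly -and $_.ProtectionStatus -eq 'On' })
if ($exposed.Count -gt 0) {
    Write-Warning ("TPM-only BitLocker volumes: " + ($exposed.MountPoint -join ', ') +
                   ". Confirm separately whether Defender Offline Scan has run on this host.")
}
```

Run it under an administrative PowerShell session; the `TpmOnly` column is `True` only when the TPM is the sole pre-boot protector, so a volume that also carries `TpmPin` or `TpmStartupKey` is reported as not matching the profile described above.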
No official patch exists for GreatXML. Organizations should immediately implement compensating controls rather than waiting for Microsoft to act.
The security community is treating GreatXML as a technically plausible, publicly available exploit with incomplete external validation. For defensive teams, that means the safest assumption is that every eligible system is exploitable until proven otherwise.