New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
Security researcher Chaotic Eclipse, also known as Nightmare-Eclipse and MSNightmare, unveiled a new exploit named GreatXML on March 19, 2024, that bypasses Windows BitLocker encryption. The release closely followed their March 18, 2024, exploit targeting Microsoft Defender. In a blog post detailing the vulnerability, Chaotic Eclipse described GreatXML as an "accidental discovery" that took approximately four hours to develop.

The exploit leverages XML files found within the BitLocker recovery partition to gain unauthorized access, circumventing BitLocker's standard security protocols by manipulating the recovery data stored in these XML files. The researcher indicated that users who have previously used the Windows Defender Offline Scan feature might be particularly susceptible to this exploit. Further technical details on the specific mechanisms of the GreatXML exploit were not immediately available in the initial announcement.
Original source: The Hacker News