Overview
Earlier this month, security sleuth and researcher “Chaotic Eclipse” (also known as Nightmare-Eclipse) published a zero-day exploit known as YellowKey, which allowed them to access BitLocker-protected drives on Windows 11 with a simple USB key. They stated, “Just can’t come up with an explanation besides the fact that this was intentional. Also, for whatever reason, only Windows 11 (+Server 2022/2025) is affected; Windows 10 is not.”
The Controversy
The bone of contention between the security sleuth and Microsoft seems to stem from unpaid bounties from the MSRC program. Nightmare-Eclipse indicated that Microsoft ignored their communication attempts and that they “got zero pennies from doing so.”
Microsoft, for its part, has remained silent on the matter, leaving many to wonder whether Eclipse’s claims hold true or whether the researcher simply failed to meet the MSRC program’s exact requirements for receiving a bounty reward on critical vulnerability disclosures.