Windows 11’s June update shuts down an intentional BitLocker backdoor with full file access — here’s what changed
Microsoft’s June 2026 Patch Tuesday update fixes a controversial BitLocker flaw.
Earlier this week, Microsoft patched three zero-day exploits published by security researcher "Chaotic Eclipse" (also known as Nightmare-Eclipse) last month, including YellowKey, GreenPlasma, and MiniPlasma (via Bleeping Computer).
For context, the YellowKey vulnerability allowed the security sleuth to access BitLocker-protected drives on Windows 11 with a simple USB key. Perhaps more concerningly, Nightmare claimed that Microsoft "intentionally" left a backdoor in the security feature.
Microsoft issued a mitigation for the critical Windows 11 flaw to restore BitLocker’s trust in WinRE and has now patched the vulnerability as part of its June 2026 Patch Tuesday updates, which fixed over 200 security flaws. If the past few weeks are anything to go by, it's evident that Microsoft and security sleuth Nightmare-Eclipse have been in a back-and-forth argument over how vulnerabilities are reported and how researchers are compensated.
The tech giant indicated that publishing the unpatched bugs along with code to exploit them placed customers across its ecosystem at risk. The company initially threatened legal action against the security researcher, sparking outrage across the cybersecurity community. Following the backlash, Microsoft ultimately reversed course and dropped the threat.
Nightmare also claimed that Microsoft banned their GitHub account and deleted their Microsoft account in retaliation for publishing the zero-day exploits. "[They were] told personally by [Microsoft] that they will ruin my life, and they did," Nightmare added, describing Microsoft's actions as vindictive.
The tech giant previously indicated that the vulnerabilities published by the security sleuth weren't shared with the company in advance, as highlighted in its Coordinated Vulnerability Disclosure (CVD) policy. It also dismissed claims that it had deactivated the sleuth's accounts:
"Microsoft does not remove MSRC researcher portal accounts, which is where anyone can submit a vulnerability to the company. Microsoft cannot confirm which account this person is claiming was deactivated."
This news comes as scammers and bad actors grow increasingly deceptive, using sophisticated ploys to gain unauthorized access to unsuspecting users' sensitive data. Last month, I reported that scammers are exploiting a legitimate Microsoft email address used for 2FA codes to spam unsuspecting users.

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.
