GreatXML BitLocker Bypass: A Writeup That Doesn’t Reproduce

Will Dormann says the GreatXML BitLocker bypass steps don’t reproduce on 3 Windows 11 builds. The claim, the rebuttal, and why the dispute matters.


Security researcher Nightmare Eclipse (also known as Chaotic Eclipse and MSNightmare) published a Windows BitLocker bypass called GreatXML on June 10, 2026, claiming it lets an attacker spawn a command shell with unrestricted access to an encrypted volume. The writeup, posted alongside a public proof-of-concept, claims the only precondition is that the target machine has run a Microsoft Defender Offline Scan at some point in the past. A second security researcher says the steps do not reproduce that way in his lab, and the disagreement is now the heart of the story.

GreatXML appeared on GitHub one day after the same researcher’s RoguePlanet exploit for Microsoft Defender, and weeks after Microsoft patched an earlier BitLocker bypass he had called YellowKey. It also lands in the middle of an unusually public fight between the researcher and Microsoft over how vulnerabilities are reported. Below is the claim, the rebuttal from Will Dormann, the broader eight-disclosure pattern, and the practical steps a defender can take tonight.

The Claim and the Steps

Nightmare Eclipse says the bug took four hours to find and called it “an accidental discovery” in a post on their blog. “If you ever attempted to use Windows Defender Offline Scan, you’re automatically vulnerable to a BitLocker bypass,” the researcher wrote. “I’m unsure if you can still trigger the bug without ever using the offline scan feature, because you can definitely.”

The proof-of-concept sits in the MSNightmare GitHub repository and asks the attacker to drop two files on the recovery partition of the target machine. From there, the writeup says, a Shift-reboot into the Windows Recovery Environment is supposed to produce a shell with full access to the encrypted volume. Per the README quoted by The Hacker News, the result is a shell “with unrestricted access to the bitlocker volume.” The README includes two screenshots of the alleged result.

  1. Copy an XML file (unattend.xml) and a Recovery folder containing another XML (Recovery/WindowsRE/ReAgent.xml) to the root of the recovery partition.
  2. Reboot to Windows Recovery Environment (WinRE) by holding Shift while clicking Restart in the Windows power menu.
  3. If every step is followed correctly, a shell with unrestricted access to the BitLocker volume spawns.

Will Dormann’s Lab: 3 Windows 11 Lineages, No Reproduction

Will Dormann, a vulnerability analyst who has spent two decades inside Microsoft, CERT/CC, and the security community at large, ran Nightmare’s steps in his own lab and called the writeup flawed. “I think the writeup is flawed in that the spawned CMD.EXE happens on the NEXT time that a Microsoft Defender Offline scan is triggered,” Dormann posted in his public critique of the writeup. The repro, in other words, does not fire on a plain Shift+Restart into WinRE.

In his reading the path also needs the user to be signed in to Windows with admin credentials first. “And if you’ve already got that level of access, you can just turn off bitlocker,” Dormann added.

On the actual behavior, he was blunt. A plain Shift-reboot gives the standard recovery menu, not the Defender Offline prompt, even after the prescribed files are dropped in place. The path the writeup describes appears to need the attacker to already be an admin on the running system, a condition that on its own lets the attacker simply turn BitLocker off. He tested across 3 Windows 11 lineages, and none of them matched the writeup.

The Hive Security writeup of GreatXML, published the same day, lands on a similar caution: “This is not yet a Microsoft-confirmed CVE. Treat it as a public, technically plausible PoC claim with incomplete external validation.” No advisory from Microsoft has appeared, and no patch exists. Security Affairs noted that the researcher themselves admitted they “don’t fully understand all the conditions needed to trigger the issue.”

Dormann’s Mastodon post of June 11, 2026 lays out the test in his own words:

“The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past. And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.”

His conclusion was that the writeup, as published, does not reproduce the way its author claims on any of the 3 Windows 11 lineages he had to hand.

Why a Working Bypass Would Still Matter

Even with the repro disputed, the building blocks Nightmare’s writeup leans on are real, and the trust boundary it points at is sensitive. Windows Recovery Environment (WinRE) is a Windows PE-based environment that Microsoft documents as present by default on Windows 10, Windows 11, and Windows Server 2016 and later. It can be started from the login screen with Shift+Restart, from Advanced Startup, from recovery media, or automatically after boot failures. The recovery environment has to be powerful enough to repair a broken operating system, which is also exactly why a trust mistake in it can become a disk-encryption problem.

Microsoft’s own documentation states the security promise GreatXML is implicitly challenging: per the Defender Offline Scan documentation, encrypted files should not be accessible in recovery unless the user has the key.

The mechanism in the proof-of-concept is a Microsoft-supported feature being abused inside a recovery-environment path. The first file, unattend.xml, is the Windows Setup answer-file mechanism that Microsoft documents for OEM and enterprise deployment automation. GreatXML plants a crafted copy at the root of the recovery partition, where the writeup says the recovery environment will pick it up, alongside a Recovery\WindowsRE\ReAgent.xml. If it works as claimed, the attack shape is the recovery boundary being too trusting of files that arrive from the disk underneath it.

Eight Disclosures, Six Patches, One Unpatched Claim

GreatXML is the eighth publicly disclosed Windows zero-day from Nightmare Eclipse in roughly two months. Six of the eight now have patches from Microsoft, and the seventh, RoguePlanet, is under active investigation.

Microsoft’s June 9 Patch Tuesday release, the company’s largest on record with fixes for 206 vulnerabilities plus three publicly disclosed zero-days according to Malwarebytes, closed five of them; BlueHammer had already been patched in April 2026. YellowKey’s patch carries CVE-2026-45585, the BitLocker bypass Nightmare disclosed in May, and GreenPlasma, a Windows Collaborative Translation Framework (CTF) privilege escalation, carries CVE-2026-45586 per Microsoft’s advisories. Three of the six, BlueHammer, RedSun, and UnDefend, have been added to CISA’s Known Exploited Vulnerabilities catalog, meaning the agency has evidence of in-the-wild exploitation. SecurityWeek reported that ransomware crews began chaining the local-privilege-escalation exploits within days of their public release.

Exploit                      | Type                                    | Status as of June 12, 2026
BlueHammer (CVE-2026-33825)  | Windows Defender LPE to SYSTEM          | Patched April 2026; on CISA KEV
RedSun (CVE-2026-41091)      | Windows Defender LPE to SYSTEM          | Patched June 9, 2026; on CISA KEV
UnDefend (CVE-2026-45498)    | Defender defense-evasion tool           | Patched June 9, 2026; on CISA KEV
YellowKey (CVE-2026-45585)   | BitLocker bypass                        | Patched June 9, 2026
GreenPlasma (CVE-2026-45586) | CTFMON LPE to SYSTEM                    | Patched June 9, 2026
MiniPlasma                   | Cloud Files Mini Filter Driver LPE      | Patched June 9, 2026
RoguePlanet                  | Defender race condition LPE to SYSTEM   | Disclosed June 9, 2026; under Microsoft investigation
GreatXML                     | Claimed BitLocker bypass via WinRE      | Disclosed June 10, 2026; unpatched; writeup disputed

The Souring Relationship With Microsoft

Microsoft told The Register on Wednesday, June 10 that it is “aware of RoguePlanet, and actively investigating the validity and potential applicability of these claims.” The company did not respond to questions about GreatXML, including the timing of any patch. “Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public,” The Register reported. The relationship has soured enough to draw a public legal threat and a public walk-back.

In late May, Microsoft’s Security Response Center called the run of zero-day dumps irresponsible. “The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk,” the company said, listing RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma by name.

The legal threat drew pushback from the security community, and Microsoft dialed back its rhetoric. Nightmare’s blog post on the latest round includes the line, “I was told personally by them that they will ruin my life and they did.” The researcher pledged a July 14 mass disclosure last month, then walked that back two days before GreatXML, saying RoguePlanet “took way more time than expected and truly drained me.”

What Defenders Can Do Tonight

Microsoft has not confirmed GreatXML is a vulnerability it will patch, and Will Dormann’s reading is that the writeup’s repro path does not hold up on current Windows 11. That said, the class of bug is real enough that several hardening steps are worth doing before the next Patch Tuesday. For a deeper look at the broader Nightmare Eclipse run, see this site’s full writeup of the Nightmare Eclipse disclosures.

The right immediate move is to enable TPM+PIN for BitLocker, so the TPM will not release the volume key at boot without the user, and a physical-access attacker cannot unlock the encrypted volume from the recovery environment on their own. Note the limit of that control: it addresses the physical-access variant of the claim, not the admin-prerequisite variant Dormann describes, since an attacker who is already a local admin can disable BitLocker outright. Treat unexpected Defender Offline Scans as a security event, not antivirus noise, and log who initiated them. Audit the recovery partition for unexpected files at \unattend.xml and under \Recovery\, and alert on writes there from user-land processes. Correlate WinRE boot events with BitLocker recovery events in your endpoint telemetry.

  • Switch BitLocker to TPM+PIN on high-value laptops.
  • Audit the recovery partition for unattend.xml and \Recovery\ directory changes.
  • Alert on Defender Offline Scan initiations from user-land processes.
  • Flag any WinRE boot that isn’t tied to a support ticket.
  • Watch for a Microsoft advisory and apply the patch the day it ships.
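The first two items on that list can be checked from an elevated PowerShell session. The script below is an added example written for this article; it is not code from the GreatXML writeup, its author, or Microsoft. It assumes a Windows 10/11 host with the Storage, BitLocker and Defender modules available, that the WinRE tools partition is the one Get-Partition reports with Type 'Recovery', and that drive letter R: is free for a temporary mount. It also assumes, as on a stock install, that Recovery\WindowsRE\ReAgent.xml legitimately exists next to Winre.wim, so it records that file’s hash for baselining instead of treating its presence as a finding; unattend.xml at the partition root is flagged outright. Nothing is written to the partition.

```powershell
#Requires -RunAsAdministrator
# Added audit script (editor's example, not from the GreatXML writeup or its author).
# Assumptions: Storage/BitLocker/Defender modules present; the WinRE tools partition
# is the one with Type 'Recovery'; R: is free for a temporary, read-only inspection.

# 1. Where Windows itself says WinRE lives and whether it is enabled.
reagentc /info

# 2. Mount the recovery partition and look for the files GreatXML's README plants.
$rec = Get-Partition | Where-Object { $_.Type -eq 'Recovery' } | Select-Object -First 1
if (-not $rec) { throw "No partition with Type 'Recovery'; adjust the selector for this disk layout." }
$mount = 'R:\'
Add-PartitionAccessPath -DiskNumber $rec.DiskNumber -PartitionNumber $rec.PartitionNumber -AccessPath $mount
try {
    # unattend.xml has no business at the root of a recovery partition: flag it.
    $unattend = Join-Path $mount 'unattend.xml'
    if (Test-Path -LiteralPath $unattend) {
        $h = (Get-FileHash -LiteralPath $unattend -Algorithm SHA256).Hash
        Write-Warning "FOUND $unattend (SHA256 $h) - find out who wrote it and when."
    } else {
        Write-Output "OK: no unattend.xml at recovery partition root."
    }

    # ReAgent.xml is expected next to Winre.wim on a stock install (assumption noted
    # above), so record hash and timestamp for baselining rather than flag presence.
    $reagent = Join-Path $mount 'Recovery\WindowsRE\ReAgent.xml'
    if (Test-Path -LiteralPath $reagent) {
        $i = Get-Item -LiteralPath $reagent -Force
        $h = (Get-FileHash -LiteralPath $reagent -Algorithm SHA256).Hash
        Write-Output ("BASELINE {0}: modified {1:u}, SHA256 {2}" -f $reagent, $i.LastWriteTimeUtc, $h)
    }

    # Anything else at the root besides the stock Recovery tree deserves a second look.
    Get-ChildItem -LiteralPath $mount -Force |
        Where-Object { $_.Name -notin @('Recovery', 'System Volume Information') } |
        ForEach-Object { Write-Warning "Unexpected root entry: $($_.FullName)" }
}
finally {
    Remove-PartitionAccessPath -DiskNumber $rec.DiskNumber -PartitionNumber $rec.PartitionNumber -AccessPath $mount
}

# 3. Does the OS volume have a protector the TPM cannot release on its own?
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive
$types = @($bl.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
if ($types -contains 'TpmPin' -or $types -contains 'TpmPinStartupKey') {
    Write-Output "OK: $($bl.MountPoint) uses $($types -join ', ')"
} else {
    Write-Warning "$($bl.MountPoint) has no PIN protector (protectors: $($types -join ', ')); consider TPM+PIN."
}
```

Run it once to capture a baseline, then diff the ReAgent.xml hash on each subsequent run. For the third list item, the documented way to request the next Defender Offline scan from PowerShell is the Start-MpWDOScan cmdlet, which is the kind of trigger Dormann says actually precedes the spawned CMD.EXE in his reading of the writeup, so process-creation telemetry for that cmdlet and for the Windows Security app’s offline-scan option is where an unexpected initiation would surface.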

Frequently Asked Questions

Is GreatXML a confirmed BitLocker bypass?

No Microsoft advisory or CVE has been issued for GreatXML. The public writeup, posted on June 10, 2026, is a proof-of-concept claim from researcher Nightmare Eclipse, and security researcher Will Dormann says the described steps do not reproduce on the 3 Windows 11 lineages he tested.

Which Windows versions are affected?

The writeup does not name specific affected versions. Its stated precondition, that Microsoft Defender Offline Scan has been run on the target at least once, could in principle describe any Windows 10, Windows 11, or supported Windows Server install that ships Defender, but Microsoft has not listed affected builds and Will Dormann could not reproduce the claim on any of the Windows 11 lineages he tested.

Does an attacker need physical access to the machine?

The writeup’s own description requires the attacker to copy two files to the recovery partition, which Security Affairs says “requires brief physical access to the target machine, or the ability to write to the recovery partition through any other means.” Will Dormann’s critique says the repro he tested also requires the attacker to be logged in to Windows with admin credentials.

When will Microsoft patch GreatXML?

Microsoft has not announced a patch, an advisory, or a CVE for GreatXML. The company told The Register on June 10 that it is “actively investigating” RoguePlanet, the prior disclosure, and did not respond to questions about GreatXML, including the timing of any patch.

Should I run Windows Defender Offline Scan?

The writeup’s premise is that running the scan at any point in the past is the precondition that makes the bypass fire. Will Dormann’s rebuttal says the repro path does not hold up as described, so there is no confirmed reason to avoid the feature, and disabling it is not advised. The more useful steps are enabling TPM+PIN, treating unexpected offline-scan initiations as a security event, and monitoring recovery partition writes.
