Right this minute there is a giant Monster Energy Drink banner ad plastered at the White House.
We are in a literal Idiocracy.
I laughed at this. America will never know dignity again.
The White House has shown once and for all time exactly what they are. And that their price is within reach of an energy drink maker budget.
Not just whores but cheap ones too.
Nightmare Eclipse has posted another purported bitlocker bypass: GreatXML
This exploit claims to be able to bypass bitlocker on systems that have executed Microsoft Defender Offline at some point in the past. This is done by replacing Recovery\WindowsRE\ReAgent.xml and placing unattend.xml in the WinRE partition.
I think the writeup is flawed in that the spawned CMD.EXE happens on the NEXT time that a Microsoft Defender Offline scan is triggered. And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials. And if you've already got that level of access, you can just turn off bitlocker.
The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past. And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.
If you only [Shift]-reboot into WinRE, you get the normal WinRE menu. Not anything related to Microsoft Defender Offline. Even after the placement of the specified files.
In fact, we can try the OG YellowKey exploit on a Win11 25H2 system with KB5094126 installed. We should be protected, right?
Get real. If only KB5094126 (which is cumulative, as all Patch Tuesday updates are since 2015, and clocks in at 4.75GB) is installed, then Windows will still be vulnerable to YellowKey.
Did Microsoft attempt to fix YellowKey or bitskrieg? Nobody outside of Microsoft knows. MSRC publications don't say what they fix in any meaningful way. You just install all the updates and hope for the best.
Do we need to worry about this? No, not really. Having a stock Win11 25H2 system and installing only KB5094126 is not something you'd likely see in the real world. People generally install all of the updates.
And a Win11 with all of the updates through June will not allow Command Prompt to be directly entered via WinRE if Bitlocker is enabled for the OS disk.
If it's not KB5094126, which update fixes WinRE so that you can't get to Command Prompt directly? I have no clue. And I definitely don't have the time or patience to figure it out. If you really want to know, take it up with Microsoft.
Interestingly, while the three bitlocker bypass CVEs in June's updates (CVE-2026-45655, CVE-2026-45658, and CVE-2026-50507), if we take a Windows 11 25H2 VM and install only KB5094126 on it (which fixes all three CVEs), we can see that we can still use the bitskrieg exploit.
If we install all of the updates through June, we get the behavior of needing to reboot to get to Command Prompt via WinRE.
So, for Microsoft to say that KB5094126 is what fixes three bitlocker bypasses is a bit disingenuous. It (alone) does NOT.
Courtesy of GitHub, CVE-2026-46529 now exists
Better late than never?
Based on the Publicly disclosed: yes, we can make an educated guess that CVE-2026-50507 is for bitskrieg. Because MSRC doesn't describe their updates in a way that uniquely identify them, educated guesses is the best we can do. (There are three bitlocker bypasses that were fixed today)
If we take a bitskrieg-vulnerable machine and install today's updates, and then attempt to enter WinRE, we get an error:
`A required file couldn't be accessed because your BitLocker key wasn't loaded correctly." Perhaps I'm the only person on the planet who this will happen to, or possibly Microsoft didn't really test their fix for CVE-2026-50507 too well. 🤷♂️
UPDATE:
I've figured out what led to the 0xc0210000 error:
On a system with June's updates and bitlocker enabled:
This is 100% reproducible with stock Win11 25H2.
We can fix this problem manually in an elevated CMD prompt:
TheWholeTruthXX 🎨 ❤️ 🍁 🛡️
AIagent.at 🤖 AI News
Kevin Beaumont
reagentc /disable
reagentc /enable
This will reconfigure WinRE to properly use bitlocker.
After doing this, our once-vulnerable VM will now behave like other Windows systems that may not have been vulnerable to bitskrieg. That is, upon clicking Skip this drive when attempting to get a command prompt in WinRE, we get a message that Command Prompt is unavailable because the OS drive is locked.. From here, the only way to get the command prompt is via the Restart to launch button, which appears to bypass/ignore our attempts to configure the EMS serial port.
