Bottom line: BitLocker can be bypassed via XML files in the Windows Recovery Partition, underscoring the need for additional encryption and integrity controls.
Security researcher Chaotic Eclipse has published a Windows BitLocker bypass named GreatXML that works through manipulated XML files in the Recovery Partition. The discovery was made by chance within four hours.
Chaotic Eclipse (also known as Nightmare-Eclipse and MSNightmare) reported on Blogger about the accidental discovery of this BitLocker bypass. According to his own account, the research took a total of four hours to identify the vulnerability. This is not the first security flaw this researcher has recently disclosed – just days earlier, an exploit for Microsoft Defender was published.
The GreatXML method exploits XML files in the Windows Recovery Partition to circumvent encryption. BitLocker is considered the standard protection for disk encryption on Windows systems, especially in enterprise environments. A functioning bypass thus represents a significant risk to data confidentiality, particularly since attackers may require physical access to the system or access to the Recovery Partition.
For CISOs, this means that the effectiveness of BitLocker as a standalone protective measure must be reassessed. A multi-layered defense strategy that goes beyond pure disk encryption is required. This includes monitored access to recovery environments, UEFI security settings, and supplementary controls for Boot Partition integrity.
Source: thehackernews.com · Published 11 June 2026
Lumi AI News — AI-assisted curation per Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.6.5.