GreatXML: BitLocker Bypass via Defender Offline Scan Possible

In brief: A vulnerability allows BitLocker encryption to be bypassed through the offline scan function of Windows Defender.

Security researcher Nightmare Eclipse publicly disclosed a vulnerability named GreatXML on June 10, 2026. It allows Windows BitLocker encryption to be bypassed by abusing the Defender offline scan function.

Nightmare Eclipse, who has previously disclosed multiple security vulnerabilities in Microsoft software, presented the GreatXML vulnerability as a chance discovery. The vulnerability exploits the offline scan functionality of Windows Defender to gain access to drives encrypted with BitLocker.

For CISOs, this represents an increased risk when securing encrypted systems. The vulnerability demonstrates that even the built-in Microsoft Defender can serve as an attack vector under certain conditions when systems are operated offline or in recovery modes.

A timely review of the Defender configuration, along with an evaluation of additional protective measures for offline scenarios, should be incorporated into current risk assessments.


Source: borncity.com · Published June 11, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.