this post was submitted on 22 May 2026
224 points (100.0% liked)

PC Master Race

21205 readers
1151 users here now

A community for PC Master Race.

Rules:

  1. No bigotry: Including racism, sexism, homophobia, transphobia, or xenophobia. Code of Conduct.
  2. Be respectful. Everyone should feel welcome here.
  3. No NSFW content.
  4. No Ads / Spamming.
  5. Be thoughtful and helpful: especially when new beginners have questions.

founded 2 years ago
MODERATORS
_MoveSwiftly@lemmy.world
The_Vampire@lemmy.world
Fudgeknuckles98@lemmy.world
Brunbrun6766@lemmy.world
IowaMan@lemmy.world
BobaFett26@lemmy.world
CatZoomies@lemmy.world
Xeon@lemmy.ml
geosoco@kbin.social
224
Microsoft issues mitigation for critical Windows 11 BitLocker flaw exploited with a USB key — "Can't come up with an explanation beside the fact that this was intentional." (www.windowscentral.com)
submitted 23 hours ago by sanitation@lemmy.radio to c/pcmasterrace@lemmy.world
16 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Wildmimic@anarchist.nexus 57 points 21 hours ago

Even better, they posted this last week:

After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out cldflt!HsmOsBlockPlaceholderAccess is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago. I'm not taking full credit for this, James Forshaw from google project zero found the vulnerability and reported it to Microsoft and was supposedly fixed as CVE-2020-17103.

However, a research who's a friend of mine pointed out that the routine might still have a vulnerability, which is something I considered but brushed off because I thought it was impossible for Microsoft to just not patch this or rollback the patch.

After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched. I'm unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.

https://github.com/Nightmare-Eclipse/MiniPlasma https://deadeclipse666.blogspot.com/