This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past.
GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event.
By the way, they have a new github and git account. Links here:
https://github.com/MSNightmare/GreatXML
https://git.churchofmalware.org/Nightmare_Eclipse/
Momentum however has died down after Microsoft walked back aggressive earlier claims threatening litigation and apologized. I don't think anyone actually believes them, but I believe they might be preparing to pay off Nightmare Eclipse with a big bag to make this problem go away. Source: https://xcancel.com/msftsecresponse/status/2061293718942908925
