Windows "Chaotic Eclipse" zero-day proliferation — YellowKey, GreenPlasma, MiniPlasma

The researcher cluster "Chaotic Eclipse" / "Nightmare Eclipse" continued releasing unpatched Windows LPE/bypass PoCs across the window. On 2026-05-19 a third PoC — MiniPlasma — landed, targeting the cldflt.sys CfAbortHydration path and claiming a re-exploitable regression of the 2020-era CVE-2020-17103. On 2026-05-20 Microsoft formally assigned CVE-2026-45585 to the BitLocker/WinRE bypass (YellowKey) disclosed on 2026-05-12 and published a WinRE mitigation — but confirmed there is still no security update for the cluster; the earliest fix window remains the June 2026 Patch Tuesday. Three public PoCs (YellowKey, GreenPlasma, MiniPlasma) now exist against the Windows-centric desktop estates standard in CH/EU federal and cantonal administrations. Until a patch ships, enforce BitLocker PIN/Network-Unlock GPOs and AppLocker/WDAC rules on ctfmon.exe injection paths, and segregate privileged accounts from the workstation tier.