The encryption they thought was protecting them might not have been.
In an act of deliberate and calculated defiance, an unidentified researcher has released two working zero-day exploits targeting Windows 11 into the open internet, where Microsoft has no patch to offer and no warning was given. The first dismantles BitLocker — the encryption layer millions trust to protect data at rest — using nothing more than a USB stick; the second allows a limited user to seize full administrative control of a system. This is not the accidental stumbling of a curious mind, but the purposeful unraveling of trust, raising the oldest question in the ethics of knowledge: when institutions fail to listen, who bears responsibility for the consequences of disclosure?
- Two fully functional Windows 11 exploits are now publicly available, with no patch from Microsoft and no warning given — the clock started the moment they were posted.
- BitLocker, the default encryption shield enterprises depend on to protect stolen or seized machines, can now be bypassed by anyone with a USB stick and the will to use it.
- The privilege escalation vulnerability compounds the crisis — together, the two exploits form a toolkit that can unlock a machine and then hand over its keys entirely.
- The researcher appears to be acting from grievance, skipping responsible disclosure entirely and signaling that more vulnerabilities may follow in a sustained campaign.
- Security teams across every enterprise running Windows 11 are now operating in an unpatched window of exposure, forced to treat both flaws as actively exploited until proven otherwise.
Someone with deep knowledge of Windows internals and an apparent grievance against Microsoft has released two working zero-day exploits for Windows 11 — publicly, without warning, and with no patch yet available from the company.
The first exploit defeats BitLocker, the full-disk encryption that ships enabled by default on modern Windows systems. The attack requires only a USB stick, pointing to a flaw somewhere in the early boot process, before Windows has fully secured its environment. The researcher has suggested the vulnerability may be intentional — a backdoor rather than an oversight — a claim that is difficult to dismiss given how fundamental the flaw appears to be.
The second is a privilege escalation vulnerability, allowing an attacker to climb from a limited user account to full administrator access. On its own it is serious. Paired with the BitLocker bypass, the two exploits form a coherent toolkit: one to decrypt a machine, one to control it entirely.
What separates this from ordinary vulnerability disclosure is the apparent motivation. Researchers typically report findings privately, give vendors time to patch, and only then go public. This researcher went straight to open release — a choice that maximizes exposure and damage. Whether they were ignored by Microsoft after prior reports, felt personally wronged, or simply wanted to force accountability, the effect is the same: the tools are now available to anyone with the skill to use them.
Microsoft must now treat both vulnerabilities as actively exploited even without confirmed widespread attacks. Patches will come, but development, testing, and deployment take time — and the researcher has signaled they are not finished. For every enterprise running Windows 11, the window of genuine vulnerability is open, and it has no clear closing date yet.
Someone angry at Microsoft just handed the internet two working exploits for Windows 11, and the company has no patch yet. The first one defeats BitLocker, the full-disk encryption that ships turned on by default in modern Windows systems. All it takes is a USB stick. The second is a privilege escalation vulnerability—a way to climb from a limited user account to administrator access. Both are zero-days, meaning Microsoft didn't know about them before they hit the public.
The researcher behind the leaks remains unidentified, but the pattern suggests calculation. This isn't a single mistake or a careless disclosure. Someone with deep knowledge of Windows internals has chosen to burn two separate vulnerabilities at once, and they've done it publicly, where anyone with basic technical skill can now use them. The BitLocker bypass is particularly striking because it undermines one of the few security features that actually works by default—the kind of thing enterprises and security-conscious users rely on to protect data if a machine is stolen or seized.
BitLocker is supposed to be transparent. You turn it on once, and from then on, your drive is encrypted at rest. The operating system handles decryption automatically when you boot. But the new bypass apparently exploits something in how Windows handles the boot process or key management. A USB stick is all the attacker needs, which suggests the vulnerability lives somewhere in the early stages of system startup, before Windows has fully locked down the environment. The researcher has indicated they believe this might be intentional—a backdoor rather than an accident. That claim carries weight because it's hard to imagine a flaw this fundamental slipping through by chance.
The privilege escalation vulnerability is the second piece of the puzzle. On its own, it's dangerous. Combined with the BitLocker bypass, it becomes part of a toolkit. An attacker who can get code running on a system with limited permissions can now escalate to full control. An attacker who can physically access a machine can now decrypt it. Together, they represent a serious degradation of Windows 11's security posture.
What makes this moment different from typical vulnerability disclosures is the apparent motivation. Researchers usually report bugs through responsible disclosure channels—they contact the vendor, give them time to patch, and then go public. This researcher went straight to public release. The word "disgruntled" appears in multiple accounts of the incident, suggesting this is personal. Maybe they reported these issues to Microsoft before and got nowhere. Maybe they work or worked at Microsoft and felt ignored or wronged. Maybe they simply believe the company deserves to be embarrassed. Whatever the reason, they've chosen to maximize damage rather than minimize it.
Microsoft now faces a genuine crisis. The company has to treat both vulnerabilities as actively exploited, even though there's no evidence yet of widespread attacks in the wild. Security teams at every enterprise running Windows 11 are waking up to the fact that their encryption might not work and their access controls might not hold. The patches, when they come, will be critical. But patches take time to develop, test, and deploy. In the meantime, the vulnerabilities are public knowledge, and the tools to exploit them are available to anyone motivated enough to build them.
The researcher has signaled they're not done. The phrase "keeps the zero-days coming" appears in coverage, suggesting this might be the first wave of a sustained campaign. If that's true, Microsoft's security team is about to have a very difficult few weeks. And anyone running Windows 11 without a clear patch strategy is now operating in a window of genuine vulnerability.
Notable Quotes
"The researcher believes the BitLocker vulnerability may be intentional—a backdoor rather than an accident" (Security researchers analyzing the disclosure)
The Hearth Conversation: Another perspective on the story
Why would someone do this? Leak two exploits at once, publicly, with no warning?
Because they're angry. And because they want to force Microsoft's hand. Responsible disclosure takes months. This way, the company has to move fast or look negligent.
But doesn't that put regular users at risk?
It does. That's the point, in a way. The researcher is saying the risk was already there—Microsoft just didn't know it. Now everyone knows it together.
The BitLocker thing troubles me. That's supposed to be the one thing that actually works.
Right. If the researcher is correct that it's intentional, that's a different problem entirely. That's not a bug. That's a design choice someone made.
What happens next?
Microsoft patches. Security teams scramble to deploy patches. The researcher either stops or releases more. And everyone learns that the encryption they thought was protecting them might not have been.
Is this person going to get caught?
Probably eventually. But by then the damage is done. The exploits are public. The knowledge is out there. You can't un-ring that bell.