| Threat Level: HIGH Two Windows vulnerabilities, YellowKey and GreenPlasma, give attackers full system control. A third, MiniPlasma, removes BitLocker encryption protection entirely. All three were exploited before Microsoft released a fix. |
What Happened
On June 10, 2026, Microsoft released its monthly security update and patched three zero-day vulnerabilities already being used against real targets.
YellowKey and GreenPlasma let an attacker who has any foothold on a Windows machine elevate themselves to SYSTEM-level access. That is the highest privilege level Windows has. From there, an attacker owns the machine.
MiniPlasma goes further. It bypasses BitLocker, the encryption Windows uses to protect your drives. Files you believed were locked become readable.
A zero-day means there was no patch when attackers first used it. The window between discovery and fix is when the damage gets done.
Who This Affects
Windows runs on the majority of home and business computers. That makes this a broad threat. Individuals, freelancers, and small business owners are frequent targets because they patch less often and rarely run monitoring tools.
The BitLocker angle hits hardest for anyone who relies on drive encryption as a last line of defense. A stolen laptop with an encrypted drive is normally safe. If the machine was compromised first, that protection is gone.
What to Do
Install the Windows Update Now
The patch exists. Open the Start menu, search for Windows Update, click Check for Updates, install everything, and restart. This closes all three vulnerabilities.
Set Windows to update automatically going forward. Most attacks target outdated systems.
Add Endpoint Protection
Windows Defender handles baseline threats. For behavioral monitoring that catches unusual activity from unknown threats, consider these options:
- Malwarebytes Premium: ~$40/year per device. Catches threats Defender misses and blocks real-time behavioral attacks.
- Bitdefender Total Security: ~$40/year for up to 5 devices. Top-rated in independent tests for detecting zero-day-style attacks.
- Huntress: ~$150-$300/year for small businesses. Monitors specifically for privilege escalation, the exact attack pattern used by YellowKey and GreenPlasma.
Back Up Your Files Off-Device
Privilege escalation attacks often lead to ransomware. A secure off-device backup means a compromised machine does not mean permanent data loss.
- Backblaze: ~$99/year. Continuous cloud backup for one PC.
- IDrive: ~$80/year for 5TB across multiple devices.
| What to Do Right Now Install the June 2026 Windows update. It takes under ten minutes and closes all three vulnerabilities. Then turn on automatic updates, add a behavioral security tool, and back up your files somewhere off your machine. |