Multiple Windows Zero‑Day Vulnerabilities (YellowKey, GreenPlasma, MiniPlasma) Disclosed After Patch Tuesday
What Happened – Over the past six weeks a security researcher publicly disclosed three new Windows kernel vulnerabilities—codenamed YellowKey, GreenPlasma, and MiniPlasma—adding to a growing list of zero‑days released shortly after Microsoft’s latest Patch Tuesday. All three flaws allow local privilege escalation and, in some cases, remote code execution when chained with other attack primitives.
Why It Matters for TPRM –
- Critical Windows flaws can be weaponised by nation‑state and criminal actors to compromise third‑party environments that rely on Microsoft OSes.
- Unpatched endpoints become a foothold for lateral movement across supply‑chain networks, jeopardising data confidentiality and service availability.
- Rapid patch deployment is essential; delayed remediation amplifies risk to downstream vendors and customers.
Who Is Affected – Enterprises across all sectors that run Windows 10/11, Windows Server 2016‑2022, cloud‑hosted Windows VMs, MSP‑managed endpoints, and any third‑party service that depends on Microsoft OS components.
Recommended Actions –
- Verify that the latest Microsoft security updates (released 2024‑04‑09) have been applied to all Windows assets.
- Conduct an inventory of Windows‑based systems within your vendor ecosystem and prioritize patching for high‑value assets.
- Deploy endpoint detection and response (EDR) rules that detect known exploit behaviours for YellowKey, GreenPlasma, and MiniPlasma.
- Engage with your vendors/MSPs to confirm their patch‑management processes and obtain evidence of remediation.
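To support the first action above (confirming that the 2024‑04‑09 updates are present), the following PowerShell audit is an added example, not code from the advisory or from Microsoft. It assumes remote access via Get-HotFix; the KB identifier is a placeholder to be replaced with the KB numbers from the official bulletin, which the advisory does not list.

```powershell
# Added example: report which hosts still lack the Patch Tuesday security updates.
# KB identifiers are PLACEHOLDERS; substitute the real KB numbers from the MSRC release.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    [string[]]$RequiredKB   = @('KB0000000'),            # placeholder, not a real KB
    [datetime]$ReleaseDate  = [datetime]'2024-04-09'     # release date named in the advisory
)

foreach ($computer in $ComputerName) {
    try {
        # Get-HotFix reads the installed-updates list (WMI Win32_QuickFixEngineering).
        $hotfixes = Get-HotFix -ComputerName $computer -ErrorAction Stop
    } catch {
        # Unreachable hosts are reported, not skipped, so they surface in the inventory.
        [pscustomobject]@{ Computer = $computer; Status = 'UNREACHABLE'; MissingKB = ''; LatestSecurityUpdate = $null; Detail = $_.Exception.Message }
        continue
    }

    # Any required KB not present on the host.
    $missing = @($RequiredKB | Where-Object { $_ -notin $hotfixes.HotFixID })

    # Most recent security update, used as a sanity check alongside the KB list.
    $latestSecurity = $hotfixes |
        Where-Object { $_.Description -eq 'Security Update' -and $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $current = $latestSecurity -and ($latestSecurity.InstalledOn -ge $ReleaseDate)
    $status  = if ($missing.Count -eq 0 -and $current) { 'COMPLIANT' } else { 'NEEDS_PATCH' }

    [pscustomobject]@{
        Computer             = $computer
        Status               = $status
        MissingKB            = ($missing -join ',')
        LatestSecurityUpdate = if ($latestSecurity) { $latestSecurity.InstalledOn } else { $null }
        Detail               = ''
    }
}
```

Run it with `-ComputerName` set to the vendor-managed hosts in scope and export the objects (for example with Export-Csv) as the remediation evidence requested from MSPs.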
Technical Notes – The three vulnerabilities are kernel‑level bugs that enable privilege escalation (CVE‑2024‑XXXX, CVE‑2024‑YYYY, CVE‑2024‑ZZZZ – identifiers pending official release). Exploits can be chained with malicious macros or compromised services to achieve remote code execution. No in‑the‑wild exploitation has been observed yet, but proof‑of‑concept code is available in public repositories. Source: Dark Reading