{"id":47872,"date":"2026-05-18T14:48:07","date_gmt":"2026-05-18T07:48:07","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47872"},"modified":"2026-05-20T14:48:50","modified_gmt":"2026-05-20T07:48:50","slug":"canh-bao-chuoi-lo-hong-zero-day-de-doa-lop-phong-ve-bitlocker-tren-windows","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/canh-bao-chuoi-lo-hong-zero-day-de-doa-lop-phong-ve-bitlocker-tren-windows\/","title":{"rendered":"Warning: Zero-day vulnerability chain threatens the BitLocker defensive layer on Windows"},"content":{"rendered":"<div><b>A series of newly disclosed zero-day vulnerabilities is raising fresh questions about how secure BitLocker and the Windows boot chain really are. In the disclosed tests, an attacker can not only bypass the disk-encryption mechanism but can also open a command-line session directly inside the system recovery environment, thereby disabling almost the entire protection layer at the boot level.<\/b><br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper js-lbImage\" title=\"thay the.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/thay-the-png.19022\/\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"thay the.png\" src=\"https:\/\/whitehat.vn\/attachments\/thay-the-png.19022\/\" alt=\"thay the.png\" width=\"700\" height=\"390\" \/><\/div>\n<\/div>\n<div>\n<p>These findings come as Windows 11 and Windows Server 2022\/2025 continue to be targeted by research digging deep into WinRE, Secure Boot and the internal privilege-separation mechanisms that are regarded as the operating system's last line of defense.<\/p>\n<p>A researcher using the handle Chaotic Eclipse, who has previously published several Microsoft Defender vulnerabilities, recently disclosed two Windows zero-days involving a BitLocker bypass and privilege escalation, named YellowKey and GreenPlasma.<\/p>\n<p>YellowKey is considered the most severe because it directly affects the Windows Recovery Environment (WinRE), the recovery environment used when the operating system fails to boot. According to the description, exploitation can be carried out via a USB drive or the EFI partition containing pre-prepared FsTx files. When the machine boots into WinRE, the attacker can bring up a command-line interface during the boot process. Notably, BitLocker can still be bypassed in this scenario even when the system uses a TPM combined with a PIN. This means the disk-encryption layer no longer guarantees safety in situations involving physical access.<\/p>\n<p>Initial analysis suggests the issue may be related to Transactional NTFS (TxF): data from a USB drive can affect another partition while WinRE is processing it. This mechanism makes it possible to modify boot configuration files, which in turn enables opening a shell in an environment where BitLocker has already been unlocked.<\/p>\n<p>The second vulnerability, GreenPlasma, involves Windows CTFMON and is described as an arbitrary memory section object creation flaw. In the exploit scenario, an unprivileged user can create memory section objects in directories that system processes trust. Although the current proof-of-concept is not yet complete enough to obtain SYSTEM privileges, the technical structure shows that privilege escalation is clearly possible if fully developed, particularly in environments with services or drivers that wrongly trust system paths.<\/p>\n<p>Previously, the same researcher published a series of Microsoft Defender vulnerabilities comprising BlueHammer, RedSun and UnDefend. Of these, BlueHammer was assigned CVE-2026-33825 and patched by Microsoft, while RedSun is believed to have been fixed silently without an official announcement. The researcher also indicated that further findings may be published in the upcoming Patch Tuesday cycle.<\/p>\n<p>In parallel with this group of zero-days, the cybersecurity firm Intrinsec has also documented another attack chain targeting BitLocker, exploiting a boot manager downgrade vulnerability associated with CVE-2025-48804.<\/p>\n<p>The attack scenario takes advantage of how Windows Boot Manager handles System Deployment Image (SDI) and Windows Imaging Format (WIM) files. In some cases the system validates one legitimate WIM but then boots from a different, modified WIM, leading to malicious code execution inside WinRE with access to the BitLocker-unlocked partition.<\/p>\n<p>Although Microsoft released a patch in 2025, experts warn that Secure Boot remains limited because it relies mainly on digital signatures rather than checking component versions. As a result, old bootloaders can still be abused as long as they remain validly signed.<\/p>\n<p>Experts recommend that the most important measure is to enable BitLocker with a startup PIN to add a pre-boot authentication layer, and at the same time ensure the system has migrated to the 2023 CA certificate and revoked PCA 2011. This is a key step in preventing boot-chain downgrade scenarios, one of the common techniques for bypassing BitLocker in physical attacks.<\/p>\n<p>The successive appearance of vulnerabilities involving WinRE, Secure Boot and BitLocker shows that the attack surface at the Windows boot layer still has many complex weak points. When the core protection layer can be tampered with before the operating system even starts, the line between an \u201cencrypted\u201d system and an \u201caccessible\u201d one becomes considerably thinner.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A series of newly disclosed zero-day vulnerabilities is raising fresh questions about how secure BitLocker and the Windows boot chain really are. In the disclosed tests, an attacker can not only bypass the disk-encryption mechanism but can also [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47873,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47872","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47872"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47872\/revisions"}],"predecessor-version":[{"id":47874,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47872\/revisions\/47874"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47873"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}