Two unpatched Windows vulnerabilities under a single CVE (CVE-2026-33825) target the most common enterprise BitLocker configuration and expose a local privilege escalation path to SYSTEM from any user session. No Microsoft patches are available; compensating controls are the only immediate remediation. Working exploit code is publicly available for both.