Microsoft backs coordinated vulnerability disclosure after researcher’s zero-day spill

TL;DR Summary
Microsoft pressed for Coordinated Vulnerability Disclosure after Chaotic Eclipse exposed multiple Windows zero-days (BlueHammer, RedSun, UnDefend, YellowKey, among others), with several exploits already in the wild. The company says uncoordinated disclosures put customers at risk and impede timely fixes, and it is promoting dialogue within the security community. GitHub reportedly removed the researcher’s account amid the flare-up, and exploit code briefly appeared on GitLab before the account was blocked. The researcher has warned of a July 14, 2026 release, signaling ongoing tensions between researchers and vendors over disclosure practices.
Topics: technology #coordinated-vulnerability-disclosure #cybersecurity #github #security #windows-defender #zero-day
- Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal (The Hacker News)
- Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops (The Register)
- Microsoft fires warning shot at anonymous researcher Nightmare-Eclipse over 6 public zero-days (Cybernews)
- Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar (PCMag)
- Too many zero-days: Microsoft threatens legal action (Heise Online)