Tag

Coordinated Vulnerability Disclosure

All articles tagged with #coordinated vulnerability disclosure

Microsoft backs coordinated vulnerability disclosure after researcher’s zero-day spill
security1 month ago

Microsoft backs coordinated vulnerability disclosure after researcher’s zero-day spill

Microsoft pressed for Coordinated Vulnerability Disclosure after Chaotic Eclipse exposed multiple Windows zero-days (BlueHammer, RedSun, UnDefend, YellowKey, among others), with several exploits already in the wild. The company says uncoordinated disclosures risk customers and impeded timely fixes, while promoting dialogue within the security community. GitHub reportedly removed the researcher’s account amid the flare-up, and exploit code briefly appeared on GitLab before the account was blocked. The researcher has warned of a July 14, 2026 release, signaling ongoing tensions between researchers and vendors over disclosure practices.

technology1 month ago

GitHub bans vigilante Windows zero-day leaker over disclosed flaws

GitHub terminated the anonymous security researcher Nightmare-Eclipse after publicly disclosing unpatched Windows vulnerabilities, with the researcher moving to GitLab and continuing to publish exploits (BlueHammer, YellowKey) and threats; Microsoft says the disclosures violated coordinated vulnerability disclosure practices, sparking mixed reactions from the community.

Microsoft Faces Criticism Over Zero-Day Vulnerabilities and Patch Delays
cybersecurity2 years ago

Microsoft Faces Criticism Over Zero-Day Vulnerabilities and Patch Delays

Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for not crediting them in the disclosure and patching of a zero-day vulnerability in MSHTML, reported in May and patched in July. ZDI claims the flaw is a remote code execution vulnerability, contrary to Microsoft's classification as a spoofing vulnerability. This incident highlights broader issues in the coordinated vulnerability disclosure process, with vendors often failing to properly communicate and credit researchers.