Particle.news

Microsoft and Researcher Clash After Public Release of Six Windows Zero‑Days

Uncoordinated disclosures forced emergency fixes, prompted Microsoft to invoke its Digital Crimes Unit, and left several vulnerabilities without patches.

Overview

  • A researcher using the handles Chaotic Eclipse and Nightmare Eclipse published proof‑of‑concept exploit code for six Windows zero‑day vulnerabilities over recent weeks, bypassing Microsoft’s normal coordinated disclosure channels.
  • Microsoft reported that three of the bugs, called BlueHammer, RedSun and UnDefend, were observed being exploited in the wild and that its teams were racing to protect customers and build patches.
  • Four of the flaws have been assigned CVE identifiers, while YellowKey, GreenPlasma and MiniPlasma currently lack fixes, and Microsoft has said a working proof‑of‑concept makes YellowKey more likely to be abused.
  • Microsoft had the researcher’s accounts taken down on GitHub and GitLab and warned that its Digital Crimes Unit may pursue legal or law‑enforcement action. The researcher, who says Microsoft deleted their MSRC access and withheld payments, has threatened another release on July 14.
  • Security veterans say this dispute highlights strain on the coordinated vulnerability disclosure model as faster discovery and working exploit code shrink patch windows and risk chilling future researcher‑vendor cooperation.