Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
A bug hunter has leaked a vulnerability affecting Microsoft’s Visual Studio Code after becoming frustrated with the company's response to security reports. The exploit allows attackers to push malicious extensions that can steal OAuth tokens from users. This incident highlights ongoing concerns about Microsoft's handling of vulnerability disclosures and the impact on security researchers.
- Ammar Askar leaked a proof-of-concept exploit for a VS Code flaw shortly after notifying a contact at GitHub.
- The vulnerability allows attackers to push malicious extensions via the Workspace Recommendations feature, compromising OAuth tokens.
- Askar's decision to publicly disclose the exploit was influenced by negative past experiences with Microsoft's Security Response Center.
Opening excerpt (first ~120 words)
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
Connor Jones, cybersecurity reporter. Published Wed 3 Jun 2026 // 15:30 UTC
Yet another aggrieved bug hunter has leaked a vulnerability affecting a Microsoft product after becoming disillusioned with the company’s handling of security reports. Ammar Askar dropped a…
Excerpt limited to ~120 words for fair-use compliance. The full article is at The Register.