Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar
Microsoft is facing backlash from the cybersecurity community after threatening legal action against a researcher known as 'Nightmare Eclipse' for disclosing Windows vulnerabilities. The researcher has published several unpatched flaws, including a significant exploit that could allow privilege escalation. This situation has raised concerns about responsible disclosure practices and the treatment of researchers by large corporations.
- Nightmare Eclipse has published six unpatched 'zero-day' vulnerabilities in Windows.
- Microsoft issued a legal threat against the researcher, emphasizing the importance of responsible disclosure.
- The controversy has sparked outrage among cybersecurity professionals who argue that the researcher is providing a service by exposing critical bugs.
Opening excerpt (first ~120 words)
The cybersecurity community is blasting Microsoft for threatening legal action against a disgruntled researcher who’s been exposing Windows vulnerabilities outside the company’s normal disclosure process. The controversy deals with a researcher known as “Nightmare Eclipse,” who has published six unpatched “zero-day” flaws in recent weeks. This includes a proof-of-concept exploit for a Windows vulnerability known as BlueHammer that can allow an attacker to escalate their privileges to the administrator level. Researchers normally submit such findings to the Microsoft Security Response Center (MSRC) for patching to prevent hackers from exploiting them. But Nightmare Eclipse has deliberately ignored the responsible disclosure route, citing claims that Microsoft mistreated them.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at PCMag.