Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
Summary
Microsoft released security updates to fix two serious computer security flaws called zero-days, disclosed by a researcher named Nightmare Eclipse. This researcher has had a public dispute with Microsoft over how vulnerabilities were handled and disclosed.
Key Facts
- Microsoft fixed two high-risk zero-day vulnerabilities disclosed by the researcher Nightmare Eclipse.
- One vulnerability, CVE-2026-45586, allows users with limited permissions to gain full system control, and was disclosed in May.
- Another vulnerability, MiniPlasma (CVE-2020-17103), was fixed again after reappearing due to an incomplete patch from six years ago.
- No evidence shows these vulnerabilities have been actively exploited by hackers yet.
- Microsoft has not yet patched other vulnerabilities disclosed by Nightmare Eclipse but gave instructions to reduce risk for one affecting BitLocker encryption.
- Nightmare Eclipse criticized Microsoft’s vulnerability disclosure program and released exploit code publicly.
- Microsoft criticized the researcher for disclosing flaws without proper coordination and hinted at legal action, but later dropped those plans.
- The latest Microsoft update fixed about 200 security issues, including some confirmed zero-days.
This is a fact-based summary from The Actual News.