Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.
A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No […]
Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No prior notice to Microsoft. No coordination. Just published, with proof-of-concept code attached. Three of those vulnerabilities, BlueHammer, RedSun, and UnDefend, have since been exploited in the wild.
Microsoft’s Security Response Center responded on Tuesday with a blog post that was polite in tone and unambiguous in message.
Related breach coverage
- Researchers uncover YellowKey and GreenPlasma Windows Zero-Days2026-05-15
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, […]
- Microsoft issues YellowKey mitigation, no patch yet2026-05-20
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS […]
- Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days2026-05-21
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
- Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix2026-05-18
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]