A heated debate is exploding in the security world over “zero-time-diff” vulnerability disclosure. Researcher Chaotic Eclipse (Nightmare-Eclipse) has allegedly been publishing multiple Windows issues since early April—BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, MiniPlasma, and more—each tied to several CVEs. As the potential impact widened, Microsoft finally responded publicly, calling out the researcher for releasing technical details without coordinating with official channels. In an MSRC blog post dated May 27, Microsoft criticized this as “irresponsible disclosure.” The core claim: when vulnerabilities go public before proper coordination, real-world attackers can weaponize them faster—turning academic discussion into immediate risk. Microsoft also noted its digital crime investigators will track activity and pursue legal action when needed, potentially involving global law enforcement. Earlier hints of friction surfaced too: reports said accounts were removed after vulnerability reports, GitHub access was cut, repositories moved to GitLab—and then GitLab reportedly blocked the account. Meanwhile, identity and process disputes continue: some say MSRC responses were slow or rejected, others argue Microsoft later patched what it initially downplayed. The real question: what disclosure timeline is “responsible” without sacrificing transparency? #Cybersecurity #VulnerabilityDisclosure #MSRC #WindowsSecurity #ZeroDay #BugBounty