Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

The Hacker News technology

Key Points:

  • Microsoft strongly advocates for Coordinated Vulnerability Disclosure (CVD), urging researchers to share findings responsibly to allow vendors to address issues before public release.
  • This stance follows a researcher named Chaotic Eclipse publicly disclosing multiple zero-day Windows vulnerabilities without prior notification to Microsoft, leading to increased risk for users.
  • The disclosed vulnerabilities, including BlueHammer, RedSun, and UnDefend, are actively exploited in the wild, prompting Microsoft to work intensively on mitigation and security updates.
  • Microsoft condemns uncoordinated disclosures and the sharing of proof-of-concept exploits for unpatched flaws, citing potential real-world harm from malicious actors.
  • The conflict escalated with GitHub removing the researcher's account, followed by a blocked GitLab account, while the researcher threatened further disruptive disclosures scheduled for July 14, 2026.
