Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Tuesday’s patch bundle also fixed MiniPlasma, a separate vulnerability disclosed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability Microsoft first fixed six years ago. That means MiniPlasma was the result of a regression or an incomplete patch in its initial form. The company is in the process of updating Tuesday’s bulletin to note the republication.
Microsoft has yet to release patches for other vulnerabilities disclosed by Nightmare Eclipse. The company did provide manual instructions for mitigating YellowKey, a vulnerability that allows attackers to defeat BitLocker full-disk encryption. That could be a boon when attackers have physical access to a device (the precise scenario BitLocker is designed to protect against). The company has yet to fix the underlying cause of the vulnerability.
The status of other vulnerabilities disclosed by Nightmare Eclipse is also unclear at the moment. The researcher named one vulnerability, present in Windows Defender, RedSun. Another, named BlueHammer, is also a local privilege escalation flaw that provides SYSTEM rights.
Over the past few months, Nightmare Eclipse has taken several potshots at Microsoft. The precise criticisms remain unclear, but many make references to complaints about the company’s vulnerability disclosure program. Microsoft, in turn, has publicly railed against the researcher for “not responsibly” disclosing the vulnerabilities and made a veiled reference to the possibility of pursuing legal action. After a public backlash, Microsoft later relented and vowed no such legal action would occur.
On Tuesday, Nightmare Eclipse published exploit code for a new Windows vulnerability. It’s a race condition that targets Defender.
Tuesday’s patch batch included fixes for roughly 200 vulnerabilities. Besides the apparent fix for MiniPlasma, two of them were also confirmed as zero-days.
Post updated to include information Microsoft provided after initial publication of this post.
