Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Microsoft condemned a wave of uncoordinated Windows zero-day disclosures by the pseudonymous researcher Nightmare Eclipse, saying that publishing proof-of-concept code for unpatched flaws is “never justifiable.” Several of the disclosed bugs, including BlueHammer, UnDefend, and RedSun, have already been exploited, while Microsoft said its Digital Crimes Unit will continue pursuing those who enable criminal activity.

Key points

  • Microsoft condemned uncoordinated disclosure of Windows zero-days with proof-of-concept code.
  • Nightmare Eclipse released six vulnerabilities, three of which have been exploited in the wild.
  • BlueHammer, UnDefend, and RedSun are listed by CISA as known exploited vulnerabilities.
  • YellowKey, GreenPlasma, and MiniPlasma were disclosed later and remain unpatched.
  • Microsoft said its Digital Crimes Unit may bring cases against actors who enable cybercrime.

Read More: https://therecord.media/microsoft-calls-zero-day-releases-never-justifiable-as-researcher-threatens-more