Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it
Microsoft said the researcher published exploit code before patches were available, while attackers have since used some flaws in real-world attacks, officials said.
- On Wednesday, Microsoft published a blog post criticizing security researcher Nightmare Eclipse for publicly disclosing unpatched vulnerabilities in Windows Defender and BitLocker, while threatening legal action through its Digital Crimes Unit.
- Nightmare Eclipse claims Microsoft revoked access to its Microsoft Security Response Center after the researcher contacted the company, then published exploit code on GitHub and GitLab without receiving a patch.
- Katie Moussouris, founder of Luta Security, told TechCrunch that invoking "responsible disclosure" was "the first strike," warning that threatening prosecution will only result in researchers distrusting Microsoft.
- Security researcher Kevin Beaumont called Microsoft's position "a dumpster fire of its own making," while industry consensus favors "coordinated disclosure," where companies patch vulnerabilities before public release.
- Anthropic's Project Glasswing found 10,000 critical vulnerabilities in one month, with only 97 patched, illustrating how alienating researchers widens the gap between discovery and remediation across the industry.
13 Articles
13 Articles
Microsoft is threatening legal action for disclosing exploits
Microsoft is facing criticism for its handling of zero-day exploits. Someone going by the name Nightmare Eclipse has been publicly feuding with the company, posting proof-of-concept exploit code. Some of their posts suggest that they're a disgruntled former employee. But what caught cyber security researcher Kevin Beaumont's eye was how Microsoft has responded. Microsoft suggests it plans to bring a criminal case against Nightmare Eclipse for fa…
Microsoft threatened a security researcher with criminal prosecution. The cybersecurity community is furious.
Microsoft published a blog post on Wednesday criticising a security researcher known as “Nightmare Eclipse” for publicly disclosing a series of unpatched vulnerabilities in Windows Defender and BitLocker. The company then invoked its Digital Crimes Unit, which handles criminal referrals and law enforcement coordination. The cybersecurity community responded with outrage. The bugs, named BlueHammer, RedSun, […] This story continues at The Next Web
Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it
The issue centers on a zero-day exploit called "YellowKey," published earlier this month by a security researcher known as Chaotic Eclipse, also known online as Nightmare-Eclipse. The proof of concept demonstrates a method for accessing BitLocker-encrypted drives on Windows 11 using a USB device.Read Entire Article
"They will ruin my life": Microsoft threatens to wield 'Digital Crimes Unit' over zero-day exploit disclosures — causing uproar in the cybersec community
Microsoft's approach to working with security researchers has long been controversial, but some of its recent language has alarmed some commentators.
Microsoft Faces Backlash Over Criminal Probe Threat Against Security Researcher
Windows 11 has been his by a series of zero-day exploits recently, which were brought to light by aggrieved cybersecurity researcher Nightmare-Eclipse. In response, Microsoft published a blog post threatening legal action against the the researcher, after taking his exploits down from GitHub. And that move has spurred widespread outcry from
Crypto Briefing
BITRSSMicrosoft threatens legal action against researcher Nightmare Eclipse for exploit disclosure
Microsoft's legal threats may deter future vulnerability disclosures, risking security research stagnation and increased exploitation risks. The post Microsoft threatens legal action against researcher Nightmare Eclipse for exploit disclosure appeared first on Crypto Briefing.
Coverage Details
Bias Distribution
- 67% of the sources lean Left
Factuality
To view factuality data please Upgrade to Premium
