Microsoft Threatens Researcher Over Zero‑Day Bugs

- Microsoft posted a blog warning that zero‑day releases are “never justifiable” and threatened legal action against security researcher Nightmare Eclipse for public bug disclosures.
- Nightmare Eclipse published a series of unpatched bugs and exploit code for Microsoft products, then warned he would release more zero‑days if Microsoft continued its stance.
- Microsoft Security Response Center published a coordinated vulnerability disclosure policy, labeling uncoordinated zero‑day releases as “never justifiable”.
- Multiple media outlets (The Register, CSO, PCMag, etc.) reported the clash, highlighting the tension between vendor security policies and independent researchers.
- Social‑media users on X criticized Microsoft for alienating researchers and suggested the researcher could profit by selling exploits on the grey market.
Why it matters: The clash pits Microsoft’s effort to control vulnerability disclosures against a researcher’s willingness to expose flaws. It risks a breakdown in coordinated patching and could pressure regulators to intervene.




