Microsoft on risks of public zero‑day disclosures after researcher account deletion

Colleagues, a note for cybersecurity professionals: Microsoft criticised public disclosures of several zero‑days following deletion of a researcher's account.
What happened: Chaotic Eclipse published details of Windows vulnerabilities (BlueHammer, RedSun, UnDefend, YellowKey, etc.). Microsoft says it received no prior notification.
Consequences: some flaws are already exploited; PoC code appeared on GitHub and GitLab.
Actions: GitHub removed the researcher's account; Microsoft urges Coordinated Vulnerability Disclosure and issues patches.
Why it matters: public PoCs accelerate abuse and increase customer risk.
Do you consider current coordination mechanisms and platform responses adequate?
#cybersecurity #vulnerabilities #CVD #Microsoft


Latest comments
No comments yet.