Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar
Microsoft Threatens Researcher Over Bug Reports, Triggers Cybersecurity Uproar
https://www.pcmag.com/news/microsoft-threatens-researcher-over-bug-reports-triggers-cybersecurity
Publish Date: 2026-05-28 16:18:00
Source Domain: www.pcmag.com
The cybersecurity community is blasting Microsoft for threatening legal action against a disgruntled researcher who’s been exposing Windows vulnerabilities outside the company’s normal disclosure process.
The controversy deals with a researcher known as “Nightmare Eclipse,” who has published six unpatched “zero-day” flaws in recent weeks. This includes a proof-of-concept exploit for a Windows vulnerability known as BlueHammer that can allow an attacker to escalate their privileges to the administrator level.
Researchers normally submit such findings to the Microsoft Security Response Center (MSRC) for patching to prevent hackers from exploiting them. But Nightmare Eclipse has deliberately ignored the responsible disclosure route, citing claims that Microsoft mistreated them.
“They mopped the floor with me and pulled every childish game they could,” the researcher wrote last month, without elaborating. “It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.”
The tension only escalated after Nightmare Eclipse disclosed more flaws this month, writing: “Microsoft has chosen to make this worst instead of resolving the situation like adults, they pulled every childish game possible.”
On Wednesday, the software giant responded with its own blog post that reiterated the need for responsible disclosure to prevent hackers from abusing such flaws and contained a legal threat.
“Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilities into the hands of bad actors are never justifiable and have real-world consequences,” the company wrote, later adding: “Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity – coordinating as needed with law enforcement around the world.”
Microsoft goes on to say…
