{"id":257917,"date":"2026-05-28T08:00:00","date_gmt":"2026-05-28T12:00:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/microsoft-condemns-uncoordinated-zero-day-disclosures\/"},"modified":"2026-05-28T12:30:11","modified_gmt":"2026-05-28T16:30:11","slug":"microsoft-condemns-uncoordinated-zero-day-disclosures","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/28\/microsoft-condemns-uncoordinated-zero-day-disclosures\/","title":{"rendered":"Microsoft Condemns &#8220;Uncoordinated&#8221; Zero Day Disclosures"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-uncoordinated-zeroday\/\">Microsoft Condemns &#8220;Uncoordinated&#8221; Zero Day Disclosures<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-uncoordinated-zeroday\/\">https:\/\/www.infosecurity-magazine.com\/news\/microsoft-uncoordinated-zeroday\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-28 08:00:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>In a new bulletin, Microsoft has criticized security researchers for publicly reporting vulnerabilities in the company\u2019s products before patches were available and without prior notice.<\/p>\n<p>These \u201cuncoordinated disclosures put our customers at unnecessary risk,\u201d the tech giant said.<\/p>\n<h2><strong>Six Microsoft Zero Days Disclosed Before Patches<\/strong><\/h2>\n<p>The statement, published on May 27, mentioned six vulnerabilities that \u201cwere not responsibly disclosed.\u201d These are:<\/p>\n<ul>\n<li>\u2018Red Sun\u2019 (CVE-2026-41091): a privilege escalation vulnerability in Microsoft Defender (CVSS: 7.8)<\/li>\n<li>\u2018BlueHammer\u2019 (CVE-2026-45498): another privilege escalation vulnerability in Microsoft Defender (CVSS: 7.8)<\/li>\n<li>\u2018YellowKey\u2019 (CVE-2026-45585): a security feature bypass vulnerability in Windows BitLocker (CVSS: 6.8)<\/li>\n<li>\u2018Undefend\u2019 (CVE-2026-45498): a denial-of-service vulnerability in Microsoft Defender (CVSS: 4.0)<\/li>\n<li>\u2018GreenPlasma,\u2019 a privilege escalation vulnerability in Windows BitLocker<\/li>\n<li>\u2018MiniPlasma,\u2019 a privilege escalation vulnerability in the Windows Cloud Filter driver<\/li>\n<\/ul>\n<p>Because of these uncoordinated disclosures, Microsoft security teams \u201chave been working around the clock\u201d to investigate these vulnerabilities and develop mitigation measures and work on security patches.<\/p>\n<p>Meanwhile, the rogue disclosures allowed to \u201cput proof-of-concept [exploit] code for unpatched vulnerabilities into the hands of bad actors,\u201d which Microsoft said is \u201cnever justifiable.\u201d<\/p>\n<p>\u201cWe remain firmly opposed to these actions, and any disclosure outside proper coordination that could harm our customers and the digital ecosystem,\u201d the company said.<\/p>\n<h2><strong>Microsoft Urges Responsible Disclosures<\/strong><\/h2>\n<p>The company encouraged security researchers to follow industry standard coordinated vulnerability disclosure (CVD) procedures, where a vulnerability finder and the owner of the vulnerable products convene an embargo period \u2013 typically 90 days \u2013 to allow the latter to develop patches before the vulnerability is&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-uncoordinated-zeroday\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Condemns &#8220;Uncoordinated&#8221; Zero Day Disclosures https:\/\/www.infosecurity-magazine.com\/news\/microsoft-uncoordinated-zeroday\/ Publish Date: 2026-05-28 08:00:00 Source Domain: www.infosecurity-magazine.com In&#8230;<\/p>\n","protected":false},"author":1,"featured_media":257919,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/1eb8d77a-b318-4476-8575-7379be4b9fee.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-257917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257917"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=257917"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257917\/revisions"}],"predecessor-version":[{"id":257920,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/257917\/revisions\/257920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/257919"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=257917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=257917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=257917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}