Microsoft Faults Uncoordinated Zero-Day Disclosures

Microsoft criticized public releases of Windows zero-days after GitHub removed researcher Chaotic Eclipse’s account, saying disclosures lacked prior notice and put customers at risk.

Microsoft criticized the public release of multiple Windows zero-day vulnerabilities after GitHub removed the account of a researcher known as Chaotic Eclipse, also using the handle Nightmare-Eclipse. The researcher published technical details and exploit code for flaws that Microsoft and others identified as affecting components including Windows Defender and BitLocker.

The researcher’s disclosures included BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498) and YellowKey (CVE-2026-45585), along with two additional names the researcher referenced as GreenPlasma and MiniPlasma. Microsoft reported that BlueHammer, RedSun and UnDefend have been observed in active exploitation.

Microsoft said, “In recent weeks, several zero-day vulnerabilities have been publicly disclosed,” and noted that “the details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.” The company added that its security teams have been “working around the clock to understand the impact, protect our customers, and develop security updates.” Microsoft warned that publishing proof-of-concept code for unpatched flaws increases the likelihood that attackers can weaponize them.

The researcher posted criticism of Microsoft’s handling of prior reports, writing that when they asked the company to communicate, they were refused, humiliated and publicly insulted. The researcher also said the Microsoft account used to report bugs was deleted, that exploit code was moved to a GitLab account after GitHub removed the original account, and that the GitLab account was later blocked. The researcher signaled further disclosures for July 14, 2026, and the post included a threat: “will make sure your bones are shattered that day.”

Microsoft urged researchers to follow Coordinated Vulnerability Disclosure practices so vendors can evaluate impact and prepare fixes before technical details are released. The company said it welcomes diverse perspectives and is committed to transparency and dialogue with the security community.

GitHub removed the researcher’s account after the public revelations; exploit code later appeared on GitLab before that account was blocked. Microsoft has published advisories for the disclosed issues, including CVE-2026-45585 (YellowKey), and encouraged users to apply updates and mitigations once patches are available.
