Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it

Microsoft threatened a security researcher with criminal prosecution. The cybersecurity community is furious.

Microsoft published a blog post on Wednesday criticising a security researcher known as “Nightmare Eclipse” for publicly disclosing a series of unpatched vulnerabilities in Windows Defender and BitLocker. The company then invoked its Digital Crimes Unit, which handles criminal referrals and law enforcement coordination. The cybersecurity community responded with outrage. The bugs, named BlueHammer, RedSun, […] This story continues at The Next Web

Windows BitLocker exploit sparks messy feud between Microsoft and the researcher who exposed it

The issue centers on a zero-day exploit called "YellowKey," published earlier this month by a security researcher known as Chaotic Eclipse, also known online as Nightmare-Eclipse. The proof of concept demonstrates a method for accessing BitLocker-encrypted drives on Windows 11 using a USB device.Read Entire Article

Why did Microsoft threaten bug hunter prosecution?

Microsoft’s legal threats roil the bug disclosure community Microsoft has drawn widespread backlash after publishing a blog post concerning a security researcher known as “Nightmare Eclipse,” who publicly disclosed a series of unpatched vulnerabilities and published exploit code. According to the…

Microsoft’s incident response is getting a failing grade from researchers

Microsoft is ticking off a lot of researchers this week by claiming that those who dump proof-of-concept exploits for vulnerabilities they have not responsibly disclosed are enabling criminal activity, and that Microsoft will track them and bring cases against them. Whoever advised them to issue that statement may want to walk it back. Kevin Beaumont,... Source

Microsoft’s Zero-Day Feud With Rogue Researcher Spirals Toward July Deadline

A lone Windows expert has dropped six zero-days in quick succession. Three reached active exploitation almost immediately. Now the researcher promises something far bigger on July 14. Microsoft calls the releases unjustifiable. The company has turned to its Digital Crimes Unit and law enforcement. The clash exposes raw tensions in how big tech handles outside bug reports. Nightmare Eclipse, who also posts as Chaotic Eclipse and Dead Eclipse, beg…

Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.