Microsoft's stance on zero-day exploits is a dumpster fire of their own making
4 hours ago
- #Zero-day Exploits
- #Microsoft Security
- #Responsible Disclosure
- A security researcher named Nightmare Eclipse has been publicly releasing proof-of-concept exploits for vulnerabilities in Microsoft products after claiming to have had issues reporting them.
- Microsoft's blog labels proof-of-concept exploit creation and distribution as 'criminal activity', and Microsoft removed the researcher from its platforms, undermining responsible disclosure.
- Microsoft has a history of hiring individuals who publicly disclosed zero-days, such as SandboxEscaper, and of purchasing exploits, contradicting its current stance on criminalizing such actions.
- The author criticizes Microsoft for leveraging its ownership of GitHub and partnerships to protect only its own products, potentially harming collective cyber defense efforts.
- The vulnerabilities include an unpatched BitLocker bypass, highlighting serious security flaws despite claims of advanced AI-driven security solutions.