Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
Summary
Microsoft has patched a zero-day vulnerability that was disclosed by a researcher known as Nightmare Eclipse, following a public dispute between the researcher and the company. The researcher reportedly disclosed the vulnerability after disagreeing with Microsoft's timeline for a fix.
IFF Assessment
FOE
The patching of a zero-day is good for defenders, but the public rivalry and the potential for rapid exploitation before patches are widely deployed present a risk.
Defender Context
This incident highlights the tension between security researchers and vendors regarding vulnerability disclosure. Defenders should be aware that zero-days can be exploited rapidly, and patching promptly is crucial once updates are available, especially for actively exploited vulnerabilities.