Microsoft urges coordinated disclosure after public zero-day releases

Microsoft said this week that public disclosure of multiple zero-day flaws in Windows components including Defender and BitLocker placed customers at unnecessary risk, after a researcher known as Chaotic Eclipse posted exploit details for six vulnerabilities over the past month.

KEY FACTS

  • Disclosures: Six zero-day vulnerabilities were publicly posted without prior notice to Microsoft.
  • Affected components: The flaws affect Windows components including Defender and BitLocker.
  • Exploitation: BlueHammer, RedSun and UnDefend have been exploited in the wild.
  • Company response: Microsoft said its teams have been working to understand the impact and develop updates.
  • Account action: GitHub removed the researcher’s account, and a later GitLab account was also blocked.

In a Microsoft Security Response Center blog post, the company said the disclosures were not shared with it before release and argued that uncoordinated publication can increase risk for customers. It said its security teams were working around the clock to assess the impact and prepare updates.

The vulnerabilities named in the report include BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma, each tracked with a CVE number. Microsoft said the first three have already been used in active attacks.

The report said the researcher believed Microsoft mishandled the disclosure process and that this led to the public release of exploit details. It also said GitHub removed the account last week, while a newly created GitLab account was later blocked.

The researcher then posted a response saying they had tried to communicate with Microsoft and that the company had ignored and insulted them. The post also mentioned a planned release date of July 14, 2026.

WHY IT MATTERS

The episode shows how quickly uncoordinated disclosure can escalate when exploit details are made public before patches are available. It also underscores the risk to users when already-disclosed flaws are being actively exploited in the wild.