Skip to content
https://abc.microfintool.com/

ABC Tool

  • Home
  • About / Contect
    • PRIVACY POLICY
Microsoft under fire for threatening security researcher with criminal investigation

Microsoft under fire for threatening security researcher with criminal investigation

Posted on May 30, 2026 By safdargal12 No Comments on Microsoft under fire for threatening security researcher with criminal investigation
Blog

[ad_1]

After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them. Microsoft’s veiled threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants.

On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle “Nightmare Eclipse,” for publicly disclosing a series of bugs, including BlueHammer, RedSun, UnDefend, and YellowKey. The flaws affected products such as the Windows built-in antivirus engine Defender and the disk-encryption tool BitLocker. 

The core of Microsoft’s complaints is that the researcher did not attempt to report the bugs so that the company could fix them. That would have been “responsible,” as Microsoft’s blog put it. The other side of the company’s argument is that by publishing the details of the bugs and how to exploit them before they were patched, Nightmare Eclipse may have aided malicious hackers. Some of the vulnerabilities Nightmare Eclipse disclosed have since been used by hackers in real-world attacks, according to Microsoft, as well as the U.S. cybersecurity agency CISA.

“Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity — coordinating as needed with law enforcement around the world,” Microsoft wrote. (Microsoft’s Digital Crimes Unit has the mission of protecting the company through different strategies, including “civil legal actions, technical countermeasures, criminal referrals, and public-private partnerships,” according to its website).

In a series of blogs published in the last couple of weeks — without providing many specific details — Nightmare Eclipse claimed to have been in contact with Microsoft, but the company allegedly mistreated them, including revoking access to their Microsoft Security Response Center account, the portal where researchers can report vulnerabilities to the tech giant. Nightmare Eclipse’s implication was that they had no choice but to release the vulnerabilities publicly, which essentially meant that at that point they were zero-days, a specific term for security flaws that are unknown to the software maker affected at the time they are disclosed or exploited.

The researchers published the bugs on open source repositories GitHub (owned by Microsoft) and GitLab. The researchers’ accounts on those platforms have been banned. 

Nightmare Eclipse and Microsoft did not respond to a request for comment. 

Cybersecurity veterans warn of chilling effect

This public spat brings back a long-running and still somewhat controversial debate: Do independent security researchers have a duty to make sure the vulnerabilities they find get fixed? And how far are they supposed to go to make sure the companies whose products are vulnerable actually fix them? 

One part of this debate, which has been fully settled and widely recognized, is that researchers deserve to get paid for their work. While it may sound obvious these days, it took years of struggle, captured in part during a campaign launched in 2009 called “No More Free Bugs.” Almost 20 years later, most companies small and large pay “bug bounty” financial rewards, which can today run as high as six figures or more to researchers who privately disclose bugs and coordinate publishing their details once the bugs are fixed.

In response to this latest controversy with Nightmare Eclipse, countless researchers have shared their bad experiences reporting bugs to Microsoft. It’s fair to say that much of the cybersecurity community is vocally unhappy about how Microsoft is handling this issue. This includes cybersecurity veterans, such as Luta Security founder Katie Moussouris, who while working at Microsoft in the mid- to late 2000s pioneered bug bounties and convinced the technology giant to move away from the concept of “responsible disclosure” by framing the process as “coordinated disclosure.”

“Invoking the term ‘responsible’ disclosure was the first strike in my book,” Moussouris told TechCrunch, referring to Microsoft’s blog post. “Adding a threat of prosecution by mentioning [Digital Crimes Unit] was over the top, and will only result in security researchers distrusting Microsoft.”

Moussouris warned that the consequences of security researchers losing trust with Microsoft could result in a chilling effect of fewer people coming forward to report bugs, “making it less safe for all of us.”

Security researcher and former Microsoft employee Kevin Beaumont also called out Microsoft in a blog post, describing the company’s position a “dumpster fire of its own making.” 

“Proof of concept exploit creation and distribution for zero days is ‘criminal activity’ now?” wrote Beaumont. “Responsible disclosure quite often is framed to protect the product owner, not the customer — using it to try to criminally prosecute people is a new low.”

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

[ad_2]

Source link

Post Views: 17

Post navigation

❮ Previous Post: 4 reasons why the gap between Gemini and ChatGPT is closing
Next Post: Grifters, cynics, and true believers: The family tree of vaccine opponents ❯

You may also like

Today’s NYT Connections: Sports Edition Hints, Answers for April 19 #573
Blog
Today’s NYT Connections: Sports Edition Hints, Answers for April 19 #573
April 20, 2026
Xiaomi may join the foldable phones race with a 200MP Leica camera beast
Blog
Xiaomi may join the foldable phones race with a 200MP Leica camera beast
May 28, 2026
Today’s NYT Mini Crossword Answers for May 6
Blog
Today’s NYT Mini Crossword Answers for May 6
May 6, 2026
Anthropic’s rise is giving some OpenAI investors second thoughts
Blog
Anthropic’s rise is giving some OpenAI investors second thoughts
April 15, 2026

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Whoops! Microsoft Outlook Mac Update Removes Email Conversation History
  • Anthropic’s New Claude Tag Acts as a Virtual Coworker in Slack
  • Google Home will soon get better at recognizing you
  • Meta Pauses Employee-Tracking Program Following Internal Data Leak
  • White House drastically shortens deadline for dropping quantum-vulnerable crypto

Recent Comments

  1. Pakistan's Football Industry: Complete Guide (2026) – Manufacturing, Exports, Business & Future Growth (Part-1) - Micro Finance Tool on WhatsApp is now testing its subscription service, here's what you get and how much it costs
  2. Budget Calculator: Your Complete Guide to Better Money Management - Micro Finance Tool on White House drastically shortens deadline for dropping quantum-vulnerable crypto
  3. Samsung’s upcoming foldables leak in a very interesting size comparison - ABC Tool on iPhone 18 Pro camera upgrade 'confirmed' by another rumor
  4. Aeroski 2.0 Ski Fitness Workout Machine Review & Product Info on Gaming at the Gym? Here’s How to Sneak Some Playtime Into Workouts
  5. AI Logo Generator on Tech giant Oracle cuts 21,000 jobs as it embraces AI

Archives

  • June 2026
  • May 2026
  • April 2026

Categories

  • Blog

Copyright © 2026 ABC Tool.

Theme: Oceanly News by ScriptsTown