Microsoft Clamps Down on Nightmare Eclipse and Pulls Its GitHub Account

Microsoft and Nightmare Eclipse continue to clash: the American vendor has spoken publicly for the first time and has decided to remove this security researcher's GitHub account.

Six zero-day vulnerabilities disclosed by Nightmare Eclipse

For several weeks now, there has been a real standoff between Microsoft and a security researcher known as Nightmare Eclipse. Several critical security flaws were in fact made public without Microsoft being informed beforehand. These include:

Each time, he also published proof-of-concept (PoC) exploit code on GitHub. The researcher is disclosing these vulnerabilities because he is unhappy with the way Microsoft's MSRC team treated him. These disclosures are acts of revenge.

Even if he may have good reasons to be angry with Microsoft, there is a real problem: users and businesses are directly affected! These vulnerabilities are a gold mine for cybercriminals. This is all the more true because most of them are still unpatched to this day.

For the Redmond company, making exploit code available even before a fix is released constitutes a direct and irresponsible threat. In a post published on the subject and without ever naming the researcher directly, Microsoft reiterates its firm stance: "Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilities into the hands of malicious actors are never justifiable and have real-world consequences."

A call to respect Coordinated Vulnerability Disclosure (CVD)

This incident gives Microsoft an opportunity to remind the industry of the best practices that govern cybersecurity. Every year, the company works with hundreds of researchers through the CVD (Coordinated Vulnerability Disclosure) program. This industry standard asks researchers to first share their findings with the vendors concerned, so they have time to act and fix the issue before any official announcement.

This approach:

  • Allows updates to be deployed on affected services before attackers can get their hands on the technical details.
  • Ensures financial compensation for researchers following responsible disclosures.
  • Guarantees public recognition for researchers.

The vendor also reminds readers that its public portal remains open to everyone for submitting vulnerabilities, "regardless of past interactions or reputation" of the authors. The door remains open for Nightmare-Eclipse.

Beyond this reminder, Microsoft has also taken action: Nightmare-Eclipse's GitHub account has been deleted. Microsoft does not mention this in its article, but it is easy to assume the decision came from them... A symbolic move, since the exploit code had been accessible to everyone for weeks... And nothing prevents the researcher from publishing his findings on another platform.

This is certainly not the last time we will hear about it: the researcher has announced a surprise for the June 2026 Patch Tuesday. We will get the answer, and the next episode, in a few days.

Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
