Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
Summary
Ars Technica reports on a tense dispute between a researcher known as Nightmare Eclipse and Microsoft, centered around two high-severity zero-days that the researcher disclosed and Microsoft subsequently patched. The patches include CVE-2026-45586 (a local privilege escalation) and MiniPlasma (CVE-2020-17103, a regression). The piece chronicles the disclosure drama, potential exploits, and the broader context of Microsoft’s vulnerability disclosure program, along with other patched flaws from the same release batch and ongoing discussions about defense and risk.