Microsoft faces cybersecurity community backlash for threatening legal action against a security researcher.
The researcher, known as Nightmare Eclipse, released proof-of-concept exploits for six unpatched Windows zero-day vulnerabilities. These disclosures occurred over the past two months outside of Microsoft's standard coordinated process.
Nightmare Eclipse cited alleged mistreatment by Microsoft as the motivation for the public releases. Microsoft's Digital Crimes Unit stated it will pursue cases against malicious actors and those enabling criminal activity.
Observers widely interpreted this statement as a threat against the researcher. Microsoft maintains that uncoordinated disclosures put customers at unnecessary risk and are never justifiable. This controversy has renewed debate over vulnerability disclosure ethics and corporate responsibility.