Microsoft Patches High-Severity Zero-Days Amid Rivalry
Microsoft has released critical patches for two zero-day vulnerabilities disclosed by researcher Nightmare Eclipse. Discover the drama behind these high-severity flaws and their potential impact on users.
Microsoft’s Response to Zero-Day Threats
In a dramatic turn of events, Microsoft has addressed two high-severity zero-day vulnerabilities that were disclosed by the controversial researcher known as Nightmare Eclipse. These vulnerabilities, particularly CVE-2026-45586, pose significant risks as they allow local privilege escalation, enabling attackers to gain SYSTEM rights and potentially install malware without user interaction.
Nightmare Eclipse's disclosures stem from a fallout with Microsoft over a prior agreement regarding vulnerability discussions. The researcher claims that Microsoft violated their arrangement, leading to the public disclosure of these vulnerabilities. The implications are serious, as the vulnerabilities could be exploited in the wild, although there are currently no indications of active exploitation.
- Key vulnerabilities patched:
- CVE-2026-45586: Local privilege escalation with minimal complexity.
- MiniPlasma (CVE-2020-17103): A regression of a previously fixed vulnerability.