Dispute with Microsoft: Anonymous Security Researcher Releases Next Windows Exploit | t3n
An anonymous security researcher has been repeatedly publishing discovered vulnerabilities in Windows 10 and 11. Now, "Nightmare Eclipse" has found a new vulnerability in the Microsoft operating system that works despite current patches.
- Home
- News
- Software & Development
Don't miss any news anymore!
An anonymous security researcher has been repeatedly publishing discovered vulnerabilities in Windows 10 and 11 for months. Now, "Nightmare Eclipse" has found a new vulnerability in the Microsoft operating system. And this one works even despite current patches.
Normally, security researchers collaborate with large companies and report discovered vulnerabilities so that they can be closed as quickly as possible. For several months, however, the researcher, who operates under the nickname "Nightmare Eclipse" or "Chaotic Eclipse" on his blog, has been doing things differently. Apparently upset by Microsoft, he is actively searching for vulnerabilities in Windows 10 and 11—and simply making them public.
New Vulnerability in Windows 10 and 11 Discovered
This is also the case with the vulnerability that the researcher has named "Rogue Planet." He has published his discovery on GitHub in a self-hosted repository. According to his statement, Microsoft has deleted both his public post of the exploit on GitHub and GitLab and subsequently banned his account.
He writes in his blog: "Microsoft has forgotten that, even if they ban me on GitHub and GitLab, they cannot delete my code. Once it is public, it cannot be removed." Nightmare Eclipse has been working on the vulnerability in Windows 10 and 11 since early May. If the exploit is used, attackers can execute a command and gain system privileges.
According to "Nightmare Eclipse," the exploit is a so-called "Race Condition." This means that multiple processes must occur in the correct order for it to work. If one of the processes occurs before the other because the system processes them faster, the exploit suddenly no longer works. However, the security researcher emphasizes that he has had a 100% success rate on some systems. Theoretically, all PCs with Windows 10 or 11 could be affected, even with the current patch.
In a statement to Bleeping Computer, the security researchers from Threat Locker confirmed that they were able to reproduce the attack with the exploit and thus validate it. Thus, "Nightmare Eclipse" has uncovered the seventh serious vulnerability in Windows within a few months. None of the vulnerabilities came with a detailed explanation of how they work. According to "Nightmare Eclipse," Microsoft should figure out how to close the gap themselves.
The company had previously threatened to involve authorities if further disclosures occurred. A spokesperson told Bleeping Computer: "Microsoft is aware of the report regarding the vulnerability and is actively investigating the validity and potential applicability of these claims. […] It is important that we support the coordinated disclosure of vulnerabilities. A standard that protects customers and supports the researcher community by thoroughly examining and testing their findings before publication."