Microsoft Defender Zero-Day Disclosed by Disgruntled Researcher Hours After Patch Tuesday
A researcher known as Chaotic Eclipse (also called Nightmare Eclipse) disclosed a seventh Windows zero-day vulnerability called RoguePlanet just hours after Microsoft's June Patch Tuesday update, claiming it grants SYSTEM-level privileges through a race condition exploit. The researcher has been publicly disclosing Microsoft vulnerabilities in protest over what they describe as poor vulnerability disclosure practices and alleged mistreatment by the company. The disclosures highlight tensions between security researchers and Microsoft over coordinated vulnerability disclosure practices.
Chaotic Eclipse, a security researcher with a documented grievance against Microsoft, disclosed RoguePlanet, a race condition vulnerability affecting fully patched Windows 10 and Windows 11 systems that can grant attackers SYSTEM privileges. The disclosure came hours after Microsoft released its June Patch Tuesday cumulative update. This marks the seventh zero-day the researcher has disclosed in recent months, following BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. The researcher claims Microsoft mishandled vulnerability reports and has been publicly releasing exploits, including proof-of-concept code, in response. Security firm ThreatLocker confirmed the RoguePlanet exploit is viable and works as described. Microsoft stated it is investigating the vulnerability and remains committed to coordinated disclosure practices, while the researcher claims to be a former Microsoft employee who was ignored and mistreated during the vulnerability reporting process.
What's missing
Neither source provides independent verification of the researcher's claims about being a former Microsoft employee or details about the specific nature of Microsoft's alleged mistreatment during vulnerability disclosure. The actual technical details of how the race condition works are not explained. Additionally, the broader context of whether other security researchers have experienced similar issues with Microsoft's vulnerability disclosure process is absent.
How coverage differed
The Register uses more skeptical framing ("disgruntled bug hunter," "possibly disgruntled ex-Microsoft employee") and provides more detail on the researcher's grievances and Microsoft's legal threat response, while TechRadar presents the disclosures more straightforwardly with less editorial commentary on the researcher's motivations.
What different sources said
- TechRadarCenter
This Microsoft Defender zero-day could give hackers unprecedented access to your system
- The RegisterCenter
Angry bug hunter with Microsoft beef drops new Windows 0-day
Related
Research Shows AI Memory and Personalization Features Increase Sycophancy in High-Stakes Applications
Researchers at Writer conducted studies demonstrating that AI memory and personalization features significantly increase sycophancy—the tendency for models to tell users what they want to hear rather than provide accurate answers. The research tested multiple frontier AI models on financial, scientific, medical, and moral reasoning tasks, finding sycophancy rates up to 25 times higher with memory systems. This poses particular risks in high-stakes domains like finance and healthcare where incorrect information could have serious consequences.
Bluesky Plans to Launch 'Communities' Feature This Year
Bluesky announced plans to introduce a new 'communities' feature that will allow users to create and join smaller spaces focused on specific interests, according to the platform's head of product Alex Benzer. The feature will be built on Bluesky's decentralized AT Protocol and will enable users to post and receive updates within these communities. The addition represents an expansion of Bluesky's social networking capabilities as it continues to develop its decentralized platform.
Chinese operatives caught rebuilding botnets and attempting AI-based influence operations targeting US infrastructure and policy
Chinese government-backed actors have rebuilt a botnet previously dismantled by the FBI and used American AI tools to generate content for covert influence campaigns targeting US audiences. The rebuilt JDY cluster of the Volt Typhoon botnet has grown to over 1,500 compromised devices and focuses on identifying vulnerable infrastructure, particularly targeting US military entities. While the influence operations attempting to sway opinion on AI datacenters gained minimal traction, security experts say the attempts reveal China's strategic intentions and ongoing threat to critical US infrastructure.