Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked in a testy beef with the software giant. Nightmare Eclipse, the pseudonym the researcher goes by, released a handful of high-severity vulnerabilities in recent months, making them zero-days that had the potential to be exploited in the wild. The researcher has said the disclosures, which included proof-of-concept code, came after Microsoft reneged on an arrangement the two made regarding vulnerabilities they had discussed.

“But someone violated our agreement and left me homeless with nothing,” Nightmare Eclipse wrote in March. “They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.”

As part of June’s vulnerability patch batch release, Microsoft issued a fix for CVE-2026-45586. Nightmare Eclipse disclosed the vulnerability and limited PoC code in May under the name GreenPlasma. The vulnerability is a local privilege escalation, meaning it can be chained to a separate vulnerability to give users or processes with low-level privileges the ability to defeat OS protections and gain full SYSTEM rights needed to install malware.

Microsoft said CVE-2026-45586 required minimal complexity to exploit, required no user interaction, and that chances of active exploitation in the wild were likely. The vulnerability, the company added, was the result of “improper link resolution before file access (‘link following’) in [the] Windows Collaborative Translation Framework.” There are no indications that the vulnerability has been actively exploited so far.

Tuesday’s patch bundle also fixed MiniPlasma, a separate vulnerability disclosed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability Microsoft first fixed six years ago. That means MiniPlasma was the result of a regression or an incomplete patch in its initial form. The company is in the process of updating Tuesday’s bulletin to note the republication.

Microsoft has yet to release patches for other vulnerabilities disclosed by Nightmare Eclipse. The company did provide manual instructions for mitigating YellowKey, a vulnerability that allows attackers to defeat BitLocker full-disk encryption. That could be a boon when attackers have physical access to a device (the precise scenario BitLocker is designed to protect against). The company has yet to fix the underlying cause of the vulnerability.

The status of other vulnerabilities disclosed by Nightmare Eclipse is also unclear at the moment. The researcher named one vulnerability, present in Windows Defender, RedSun. Another, named BlueHammer, is also a local privilege escalation flaw that provides SYSTEM rights.

Over the past few months, Nightmare Eclipse has taken multiple potshots at Microsoft. The specific criticisms remain unclear, but many make references to complaints about the company’s vulnerability disclosure program. Microsoft, in turn, has publicly railed against the researcher for “not responsibly” disclosing the vulnerabilities and made a veiled reference to the possibility of pursuing legal action. After a public backlash, Microsoft later relented and vowed no such legal action would occur.

On Tuesday, Nightmare Eclipse published exploit code for a new Windows vulnerability. It’s a race condition that targets Defender. Tuesday’s patch batch included fixes for roughly 200 vulnerabilities. Notwithstanding the appearance that MiniPlasma was fixed, two of them were also confirmed as zero-days.
