After being locked in a heated dispute with a researcher, Microsoft corrects the 0 days it disclosed



Tuesday patch bundle also fixed MiniPlasmaAnother risk revealed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is being tracked as CVE-2020-17103, a vulnerability Microsoft identified six years ago. This means that MiniPlasma came about because of a refund or an incomplete patch in its original form. The company plans to update Tuesday’s news to mark the release.

Microsoft has not released patches for other vulnerabilities exposed by Nightmare Eclipse. The company said giving instructions manually by mitigating YellowKey, a vulnerability that allows attackers to defeat Bitlocker full-disk encryption. This can be beneficial when attackers can use the tool (the very thing Bitlocker is designed to protect against). The company did not fix what caused the vulnerability.

The other vulnerabilities described by Nightmare Eclipse are also unknown at this time. The researcher identified one vulnerability, which is in Windows Defender RedSun. Another one, called BlueHammer, is a non-privilege that gives SYSTEM rights.

Over the past few months, Nightmare Eclipse has taken several shots at Microsoft. The specific objections are still unclear, but many cite complaints about the company’s whistleblowing program. Microsoft, too, has publicly mocked against the researcher for “not supervising” the disclosure of his weaknesses and hinted that he could take legal action. After a public outcry, Microsoft later reversed itself and vowed that no such law would ever happen.

Tuesday, Nightmare Eclipse printed use the code for the latest Windows vulnerability. It’s the type of competition that the Defender fights.

Tuesday’s patch batch included about 200 vulnerable fixes. Although it appears that MiniPlasma has been fixed, two of them have also been confirmed as zero days.

Post has been updated to include information provided by Microsoft after publication of this post.



Source link

اترك ردّاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *