What is a zero-day vulnerability?

A zero-day vulnerability is an unknown flaw in software for which no patch exists. It poses significant risk, as attackers can exploit it before developers release a fix.

Why did the conflict between Microsoft and the researcher become public?

The researcher accused Microsoft of delaying the vulnerability patch, which could have exposed users to potential attacks. The public dispute highlighted ongoing issues in collaboration between corporations and independent security experts.

What steps did Microsoft take to address the vulnerability?

Microsoft included the patch in its monthly security update cycle and also fixed a second vulnerability reported by the same researcher.

← All news

Security

Microsoft Patches Zero-Day Vulnerability After Public Dispute with Researcher

June 10, 2026

Photo: Ars Technica

Quick answer

Microsoft patched a critical zero-day vulnerability discovered by researcher Nightmare Eclipse after a public dispute over delayed patching.

Microsoft has released a patch for a critical zero-day vulnerability discovered by independent security researcher Nightmare Eclipse. The incident gained public attention when the expert publicly accused the company of delaying the fix, potentially leaving users exposed to attacks.

The vulnerability was addressed in Microsoft’s scheduled security update cycle. In the same release, the company also closed another vulnerability reported by Nightmare Eclipse. Both issues were classified as critical, as they could be exploited for unauthorized system access.

The dispute between the researcher and Microsoft highlights growing tensions between major tech firms and independent cybersecurity experts. Such conflicts often arise from disagreements over vulnerability patch timelines and transparency in communication.

Experts emphasize that timely patching of zero-day vulnerabilities is critical to protecting corporate and user data. In this case, Microsoft responded promptly to criticism, minimizing potential risks for users.

Common questions

What is a zero-day vulnerability?: A zero-day vulnerability is an unknown flaw in software for which no patch exists. It poses significant risk, as attackers can exploit it before developers release a fix.
Why did the conflict between Microsoft and the researcher become public?: The researcher accused Microsoft of delaying the vulnerability patch, which could have exposed users to potential attacks. The public dispute highlighted ongoing issues in collaboration between corporations and independent security experts.
What steps did Microsoft take to address the vulnerability?: Microsoft included the patch in its monthly security update cycle and also fixed a second vulnerability reported by the same researcher.

Dzen feed: /feed/dzen.xml · RSS: /feed.xml