A researcher known as Chaotic Eclipse publicly disclosed six zero-day vulnerabilities in Windows components, with three being exploited in attacks shortly thereafter. Microsoft criticized this uncoordinated disclosure, arguing it jeopardized customer security and advocated for Coordinated Vulnerability Disclosure (CVD). The researcher claimed Microsoft ignored their previous reports and retaliated by deleting accounts and misrepresenting their work.
Tensions rose as the researcher threatened further actions, leading to potential legal implications. The clash highlights the ongoing debate in the security community regarding the balance between disclosure and responsible practices.