MICROSOFT recently addressed a critical zero-day vulnerability, CVE-2026-45586, disclosed by a researcher known as Nightmare Eclipse, who has had a contentious relationship with the company. This vulnerability enables local privilege escalation, posing significant security risks. Although Microsoft patched this and another undisclosed zero-day also associated with Nightmare Eclipse, the status of numerous other vulnerabilities remains unclear.
Nightmare Eclipse criticized Microsoft's vulnerability disclosure practices, claiming a breach of agreement; Microsoft has warned about potential legal actions but later backed down. The recent patch batch included fixes for around 200 vulnerabilities, including serious issues affecting Windows Defender.