Microsoft faced backlash after threatening legal action against researchers disclosing zero-day vulnerabilities. One researcher, "Nightmare Eclipse," released details of several unpatched vulnerabilities affecting Microsoft products, prompting a dispute over disclosure processes. While Microsoft began patching some vulnerabilities, including high-impact ones like RedSun and UnDefend, it criticized the researcher for risking customer safety.
The incident sparked discussions on the responsibilities of security researchers versus vendors, leading Microsoft to clarify that it does not intend to pursue charges against researchers conducting proper security research. The researcher claims legal action was taken against them due to these disclosures.