🟠 High  |  Source: The Register — Security


A security researcher has publicly leaked Microsoft exploit code in protest at how the company handles vulnerability disclosures, following a similar leak by a researcher known as Nightmare Eclipse. The move bypasses responsible disclosure norms, so working exploits are now publicly available, possibly before Microsoft has issued patches. This significantly raises the risk for organisations running unpatched Microsoft and Azure environments.

Architect’s Take: Review your Microsoft and Azure patch status immediately and prioritise any outstanding security updates — publicly available exploit code dramatically shortens the window between disclosure and active exploitation. Ensure your vulnerability management process includes alerting on zero-day and pre-patch public exploit releases, not just CVE publication.

Original advisory: Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures