Our Systems Are Just Collateral Damage In This Dispute
A security researcher that goes under the moniker Nightmare Eclipse has been releasing Windows 0-day vulnerabilities to the web recently. They have all been quite horrifying in their scope and have led to Microsoft releasing a number of patches to try to address them. Nightmare Eclipse claims that the public release of these vulnerabilities came about because Microsoft reneged on an arrangement they had made with them. The arrangement likely involves bug bounties, with Nightmare Eclipse revealing these vulnerabilities directly to Microsoft and Microsoft either not paying out or providing as much money as Nightmare Eclipse felt the attacks were worth.
Microsoft’s response to the reveals was to publicly state that Nightmare Eclipse has acted irresponsibly and that they intended to pursue legal action. Seeing as how Microsoft have been working hard to annoy and frustrate their customers for the past couple of years, the only one surprised by the public’s extremely negative reaction was Microsoft. The overwhelmingly negative feedback Microsoft has received convinced them to back off on the legal threats.
While Microsoft has backed off on their threats, it’s quite obvious they didn’t go so far as to try to satisfy Nightmare Eclipse’s request for bounty as we have a brand new 0-day to worry about. This time it is RoguePlanet, a way to force Microsoft Defender to spawn a command prompt with SYSTEM privileges. It is a modification of a previously patched exploit, and in this case makes use of a race condition to cause the prompt to appear. That means it won’t work on every machine, but on those it does it will succeed until this new bug is patched.
The timing of the release is both amusing and terrifying, as Microsoft just pushed out the largest set of Patch Tuesday updates they ever have but none of them will address RoguePlanet.
