Microsoft 0-day feud escalates as researcher threatens another exploit dump
The Register reports that a security researcher, known for previous zero-day disclosures, has threatened to release another Windows exploit after a public dispute with Microsoft. The researcher, who goes by the handle 'SandboxEscaper,' previously dumped four zero-day vulnerabilities in 2018, including one affecting the Windows Task Scheduler. This time, the researcher claims Microsoft ignored a critical flaw reported months ago, leading to the threat of a public exploit release. The feud highlights ongoing tensions between security researchers and Microsoft over its bug bounty program and disclosure policies. Microsoft has not commented on the specific claims but has a history of patching vulnerabilities after public disclosure. The potential exploit could affect a wide range of Windows versions, though the exact impact is unclear until details emerge. This incident underscores the risks of adversarial researcher-vendor relationships in cybersecurity.
Developers must prepare for potential unpatched Windows exploits affecting their systems.