Microsoft has patched two high-severity zero-day vulnerabilities disclosed by researcher Nightmare Eclipse, who claims Microsoft violated their agreement regarding vulnerability disclosure. The vulnerabilities, including CVE-2026-45586 (GreenPlasma), are local privilege escalation flaws that could allow attackers to gain full SYSTEM rights. The disclosure comes amid an ongoing dispute between the researcher and Microsoft, with the researcher alleging bad faith from the company.
Background
Zero-day vulnerabilities are previously unknown security flaws that can be exploited by attackers before developers have a chance to fix them. Microsoft regularly releases security patches on 'Patch Tuesday' to address such vulnerabilities.
- Source
- Ars Technica
- Published
- Jun 10, 2026 at 04:56 AM
- Score
- 7.0 / 10