WireByte

Home / Latest

Microsoft Patches 0-Day Vulnerabilities Disclosed by Rival Researcher
Image: Pexels / Markus Winkler
Latest

Microsoft Patches 0-Day Vulnerabilities Disclosed by Rival Researcher

WireByte Staff · June 9, 2026

Microsoft has issued security patches for multiple zero-day vulnerabilities, including one called MiniPlasma (CVE-2020-17103) that appears to be a repeat of a six-year-old fix. This comes amid a public dispute with the researcher group Nightmare Eclipse, who disclosed the flaws and criticized Microsoft's vulnerability handling. Patches for other disclosed issues like YellowKey, affecting Bitlocker, are pending or have workarounds.

Key points

  • Microsoft released security updates addressing several zero-day vulnerabilities.
  • One patched flaw, MiniPlasma (CVE-2020-17103), was previously fixed six years ago, indicating a potential regression.
  • The vulnerabilities were disclosed by the researcher group Nightmare Eclipse, who have publicly criticized Microsoft's disclosure program.
  • Microsoft has stated the researcher did not disclose vulnerabilities "responsibly".
  • Patches for other disclosed vulnerabilities, such as YellowKey which impacts Bitlocker encryption, are still awaited or have manual mitigation steps.

Microsoft has released security patches to address a series of zero-day vulnerabilities, some of which were disclosed by the researcher group Nightmare Eclipse. This action follows a public disagreement between Microsoft and the researchers regarding the handling of vulnerability disclosures.

Among the vulnerabilities patched is MiniPlasma (CVE-2020-17103), a flaw that Microsoft confirmed was a reoccurrence of a vulnerability it had previously fixed six years prior. This suggests a potential regression or incomplete initial patching. Microsoft is updating its security bulletin to reflect this republication of the fix.

Further vulnerabilities disclosed by Nightmare Eclipse, including YellowKey, which could allow attackers to bypass Bitlocker full-disk encryption, remain unpatched. Microsoft has provided manual mitigation instructions for YellowKey but has yet to release a permanent fix for the underlying issue. The status of other disclosed vulnerabilities, such as RedSun and BlueHammer, which reportedly offer SYSTEM-level privileges, is also currently unclear.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.