Microsoft has backpedaled on its stance towards a security researcher who publicly disclosed zero-day vulnerabilities in Windows, stating it has no intention of pursuing legal action against individuals conducting security research [1]. This reversal comes after the company initially condemned the researcher's actions and invoked its Digital Crimes Unit, sparking a public feud. The researcher had been releasing zero-day exploits for Windows, putting pressure on Microsoft to issue patches quickly. The company's updated statement aims to calm the security community, which had criticized Microsoft's initial response as overly aggressive. The incident highlights the tense relationship between vendors and researchers, particularly when it comes to zero-day disclosures. As zero-day activity continues to target Microsoft products, practitioners must assess their exposure immediately to mitigate potential risks.
Microsoft reaches for olive branch after public dustup with 0-day researcher
⚡ High Priority
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- The Register. (2026, June 2). Microsoft reaches for olive branch after public dustup with 0-day researcher. The Register. https://www.theregister.com/security/2026/06/02/microsoft-reaches-for-olive-branch-after-public-dustup-with-0-day-researcher/5249945
Original Source
The Register