Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft is advocating for Coordinated Vulnerability Disclosure (CVD) in response to a researcher's public disclosure of multiple zero-day vulnerabilities. The company emphasizes the importance of sharing findings with affected vendors, allowing them to assess and address the issues before public disclosure. This stance comes after a researcher, known as Chaotic Eclipse, revealed details of several zero-day vulnerabilities, prompting Microsoft to reiterate its support for responsible disclosure practices. The company's position is centered on giving vendors sufficient time to develop and deploy patches, thereby reducing the risk of exploitation. Microsoft's advocacy for CVD highlights the need for a collaborative approach to vulnerability management, where researchers and vendors work together to mitigate potential threats¹. This matter is of utmost importance to security practitioners, as the window for patching zero-day vulnerabilities is rapidly shrinking, making it essential to assess exposure immediately.