CVE-2026-45585
Coverage of CVE-2026-45585 in the Nexus archive.
- Angry bug hunter with Microsoft beef drops new Windows 0-day
Nightmare Eclipse, a bug hunter with a reported grudge against Microsoft, disclosed a new zero-day vulnerability called RoguePlanet targeting Microsoft Defender on Windows 10 and 11. The flaw allows local privilege escalation to SYSTEM-level access and is part of seven zero-days the researcher has publicly released, accusing Microsoft of ignoring vulnerability reports and refusing communication. Microsoft initially responded with potential legal threats but later clarified it had 'no intention to pursue action' against security researchers.
- Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Disgruntled bug hunter Nightmare Eclipse (Chaotic Eclipse) has released six Windows zero-days, prompting Microsoft to issue a blog post condemning uncoordinated disclosure and threatening legal action. Nightmare claims Microsoft humiliated them by deleting their MSRC account and withholding payment, vowing a major release on July 14.
- Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit
Microsoft has released a mitigation for the YellowKey BitLocker bypass vulnerability, which is tracked as CVE-2026-45585 and carries a CVSS score of 6.8. The vulnerability is a security feature bypass in Windows. Microsoft publicly disclosed the issue last week.