1. Forum
  2. tqwNet
  3. TQW GENTECH

  • 'I was not bluffing Microsoft, and I'm doing it again': apparentl

    From TechnologyDaily@1337:1/100 to All on Tue Apr 7 15:45:33 2026
    'I was not bluffing Microsoft, and I'm doing it again': apparently
    disgruntled researcher leaks worrying Windows zero-day security flaw

    Date:
    Tue, 07 Apr 2026 14:35:00 +0000

    Description:
    Researchers confirm the bug works, while Microsoft gives a bland statement.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Researcher leaked BlueHammer Windows exploit code Flaw enables local privilege escalation to SYSTEM Microsoft urges coordinated disclosure, exploit reliability uncertain A security researcher, seemingly unsatisfied with how Microsoft handles vulnerability disclosures, has apparently decided to leak the exploit code for a zero-day flaw in the Windows operating system (OS).

    In a short post published on their Blogspot page, a person with the alias Chaotic Eclipse leaked the code for a bug called BlueHammer, a privilege escalation flaw that allows local attackers to gain SYSTEM or elevated admin permissions on the target endpoint. I was not bluffing Microsoft and I'm
    doing it again, they said, before sharing a GitHub repository for BlueHammer. Article continues below You may like Worrying Microsoft Office security flaw patched - update now or risk hackers accessing your files Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning A worrying Dell zero-day flaw has reportedly gone unpatched for nearly two years - and Chinese hackers are taking advantage

    Unlike previous times, I'm not explaining how this works, yall geniuses can figure it out, they added. Also, huge thanks to MSRC leadership for making this possible !!! And a special thanks to Tom Gallagher ! Microsoft's
    response The poster did not explain their reasoning, but from the little information shared, it seems they did not appreciate how Microsoft handled vulnerability disclosure.

    "I'm just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did ? Are they serious ?, the researcher apparently said.

    They stressed that the code might not work for everyone, since its somewhat bugged. Some security researchers told BleepingComputer the exploit appears
    to work, while others said it didnt, confirming Chaotic Eclipses statement that the code has reliability issues. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me
    with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    When asked for a comment, Microsoft gave a boilerplate statement that basically said nothing:

    "Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible, Microsoft told BleepingComputer .

    We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community."

    BlueHammer can only be exploited by a local attacker, it was said, which
    makes it somewhat harder to leverage. However, criminals can gain access through a myriad of ways. The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/i-was-not-bluffing-microsoft-and-im-doi ng-it-again-apparently-disgruntled-researcher-leaks-worrying-windows-zero-day- security-flaw


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)