Tuesday’s patch bundle also fixed MiniPlasma, a separate vulnerability disclosed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability Microsoft first fixed six years ago. This means that the miniplasma was the result of regression to its initial form or an incomplete patch. The company is in the process of updating Tuesday’s bulletin to take the publication into account.
Microsoft has not yet released patches for other vulnerabilities disclosed by Nightmare Eclipse. The company provided manual instructions for mitigating Yellowkey, a vulnerability that allows attackers to defeat BitLocker full-disk encryption. This can be a boon when attackers have physical access to a device (BitLocker is designed to protect against the exact scenario). The company has not yet fixed the underlying cause of the vulnerability.
The status of other vulnerabilities revealed by the Nightmare Eclipse is also unclear at this time. The researcher named a vulnerability present in Windows Defender Redson. The second, named Bluehammer, also has a local privilege escalation flaw that grants system rights.
Over the past few months, Nightmare Eclipse has launched several attacks on Microsoft. Specific criticisms are vague, but many reference complaints about the company’s vulnerability disclosure program. Microsoft, in turn, has publicly criticized the researcher for not “responsibly” disclosing the vulnerabilities and made indirect reference to the possibility of taking legal action. Following public backlash, Microsoft later relented and vowed that no such legal action would be taken.
On Tuesday, Nightmare Eclipse published exploit code for a new Windows vulnerability. This is a running situation that targets the defender.
Tuesday’s patch batch included fixes for nearly 200 vulnerabilities. Despite the fact that miniplasma had been fixed, two of them were also confirmed as zero-day.
The post was updated to include information provided by Microsoft after the initial publication of this post.
<a href