Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more

A pseudonymous researcher known as "Nightmare Eclipse" publicly released multiple Windows zero-day vulnerabilities and proof-of-concept code to GitHub, prompting Microsoft to condemn the uncoordinated disclosures; Microsoft confirmed three of the initially disclosed flaws have been exploited in live intrusions while several more recent disclosures remain unpatched. The report covers the risk introduced by publishing PoC code, Microsoft’s response and threat of legal action, and industry debate over vendor–researcher disclosure practices and bounties.