I may not have seen the full story - and I am cognizant of this - but what I have seen so far puts me solidly on the side of Nightmare Eclipse.

Microsoft is making all indications that it is behaving like a colossal dick. It’s not a good look. As always: if you find yourself in a deep hole, stop digging.

there are active forks, and active mitigations for redsun undefend and bluehammer.

so far as i can tell yellowkey is problematic, as the exploit takes advantage of a backdoor that ms needs, to "manage" your computer.

only recently has a OOB mitigation been offered

https://www.techspot.com/news/112410-security-researcher-mic...

> “CVD is a two-way street,” he said. “The vendor has some responsibility as well, so to go out publicly stating this person violated CVD without showing any of the correspondence seems bold.”

> “It confusingly claims their program ‘ensures researchers are compensated and publicly acknowledged’ in a statement answering a researcher who says he got neither,”

Well said.

Related:

GitHub bans security researcher who posted zero-day Windows exploits

https://news.ycombinator.com/item?id=48315968

This is poor damage control by Microslop. Why would the researcher publish valuable exploits without trying to get a bounty?

Usually, when an individual is that upset, the group or corporation is wrong and tries to shape public perception by lying.

Since when is publishing zero days a crime anyway? Shame on Microslop for these intimidation tactics. The real crime is vibe coding operating systems.

Sorry not sorry