Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits

ByDavey Winder,

Senior Contributor.

Updated May 14: This article, originally published May 13, reveals two new Windows zero-day exploits that have been publicly disclosed by a disgruntled security researcher with a bee in their bonnet regarding the way that the Microsoft Security Response Center deals with vulnerability reports. It has now been updated to include details from the May Patch Tuesday security rollout, which the hacker timed to follow the zero-day drops and has threatened to target next month as well.

The day following the Microsoft Patch Tuesday security updates rollout is known in cybersecurity circles as Exploit Wednesday. This month, there is more reason than ever to take that very seriously indeed. While Microsoft didn’t patch any “in the wild” vulnerabilities this time, an angry hacker known by the monikers Chaotic Eclipse and Nightmare Eclipse decided to synchronize the public disclosure of no less than two zero-day exploits with the official release. Here’s what you need to know, and do, about the YellowKey and GreenPlasma exploits.

Hell hath no fury like a security researcher scorned. Well, that appears to be so in the case of a bug bounty hacker known as Chaotic Eclipse, who has a history when it comes to posting Windows zero-days after being unhappy over communications with the Microsoft Security Response Center. Having publicly released exploit code for a zero-day in April, that went by the name of BlueHammer and turned Microsoft Defender’s own update workflow into a credential theft mechanism, they are now at it again.