Locked in heated rivalry with researcher, Microsoft fixes zero-day they revealed



Tuesday’s patch batch also fixed MiniPlasma, a separate vulnerability revealed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability that Microsoft first fixed six years ago. That means MiniPlasma was the result of a regression or of a patch that was incomplete in its initial form. The company is in the process of updating Tuesday’s bulletin to account for the reissue.

Microsoft has not yet released patches for other vulnerabilities revealed by Nightmare Eclipse. The company did provide manual instructions to mitigate YellowKey, a vulnerability that allows attackers to defeat BitLocker’s full-disk encryption. That could be a big help when attackers have physical access to a device (the precise scenario BitLocker is designed to protect against). The company has yet to address the underlying cause of the vulnerability.

The status of other vulnerabilities revealed by Nightmare Eclipse is also unclear at this time. The researcher named one vulnerability, present in Windows Defender, sunred. Another, called BlueHammer, is also a local privilege escalation flaw that grants SYSTEM rights.

In recent months, Nightmare Eclipse has lashed out at Microsoft several times. The specific criticisms remain unclear, but many reference complaints about the company’s vulnerability disclosure program. Microsoft, in turn, has publicly criticized the researcher for “not responsibly” revealing the vulnerabilities and made a veiled reference to the possibility of taking legal action. After a public backlash, Microsoft relented and promised that no such legal action would be taken.

On Tuesday, Nightmare Eclipse published exploit code for a new Windows vulnerability. It is a race condition that targets Defender.

Tuesday’s patch batch included fixes for approximately 200 vulnerabilities. Despite the appearance that MiniPlasma was fixed, two of them were also confirmed to be zero-days.

Post updated to include information that Microsoft provided after the initial publication of this post.


