'I was not bluffing Microsoft, and I'm doing it again': apparently disgruntled researcher leaks worrying Windows zero-day security flaw

A security researcher, seemingly unsatisfied with how Microsoft handles vulnerability disclosures, has apparently decided to leak the exploit code for a zero-day flaw in the Windows operating system (OS).

In a short post published on their Blogspot page, a person with the alias Chaotic Eclipse leaked the code for a bug called BlueHammer, a privilege escalation flaw that allows local attackers to gain SYSTEM or elevated admin permissions on the target endpoint.

“I was not bluffing Microsoft and I'm doing it again,” they said, before sharing a GitHub repository for BlueHammer.

“Unlike previous times, I'm not explaining how this works, yall geniuses can figure it out,” they added. “Also, huge thanks to MSRC leadership for making this possible !!! And a special thanks to Tom Gallagher !”

Microsoft's response

The poster did not explain their reasoning, but from the little information shared, it seems they did not appreciate how Microsoft handled vulnerability disclosure.

"I'm just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did ? Are they serious ?,” the researcher apparently said.

They stressed that the code might not work for everyone, since it’s somewhat bugged. Some security researchers told BleepingComputer the exploit appears to work, while others said it didn’t, confirming Chaotic Eclipse’s statement that the code has reliability issues.

When asked for a comment, Microsoft gave a boilerplate statement that basically said nothing:

"Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible,” Microsoft told BleepingComputer.

“We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community."

BlueHammer can only be exploited by a local attacker, it was said, which makes it somewhat harder to leverage. However, criminals can gain access through a myriad of ways.