An anonymous security researcher known as Nightmare Eclipse has now published six unpatched Windows exploits over the past six weeks — and Microsoft has publicly responded for the first time, calling the releases “never justifiable.” The standoff is escalating: three of the six flaws are already being exploited in real attacks, and the researcher is threatening to release a seventh exploit on July 14.
The six vulnerabilities — codenamed BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma — all allow attackers to take SYSTEM-level control of Windows computers, meaning full access to files, accounts, and settings. Each was published with working proof-of-concept code on GitHub, making them usable by anyone with basic technical skills. The researcher says Microsoft refused to acknowledge vulnerability reports, declined to pay bug bounties, and deleted the researcher’s account on their security reporting platform. Microsoft disputes this account and says its Digital Crimes Unit will continue to pursue those who endanger users.
How to check if you’re affected
Affected versions include all currently supported editions of Windows — Windows 10, Windows 11, and Windows Server 2022/2025. Microsoft has patched some but not all of these flaws. To reduce your risk:
- Install all pending Windows updates via Settings → Windows Update. Some of the six exploits were fixed in recent Patch Tuesday updates; others remain unpatched.
- Do not open unexpected files or links — the exploits require an attacker to already have some access; phishing is still the most common entry point.
- Ensure Microsoft Defender is active and up to date — some of the vulnerabilities disabled Defender definitions, so verifying it is running is worth doing.
Until Microsoft issues patches for all six flaws, keeping Windows updated is the single most effective step you can take.