Microsoft has clarified that it does not intend to take legal action against security researchers conducting good-faith vulnerability research, following backlash from the community over its response to a researcher known as Nightmare Eclipse who publicly disclosed multiple unpatched Windows zero-day exploits. The company emphasized that legal escalation would target only those engaged in malicious activities causing harm, reaffirmed its commitment to coordinated vulnerability disclosure, and pledged improved communication and transparency with researchers.
https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/

