A researcher operating as Nightmare Eclipse has, since March, published a run of Microsoft zero-day disclosures with no Microsoft fix in place at the time of release, a series now circulating as Chaotic Eclipse 1. Each was a zero-day, meaning the researcher published the flaw before Microsoft had a patch ready. According to SecurityWeek, which has carried the primary reporting, the disclosures follow a dispute over Microsoft's bug-bounty handling 2. The researcher claims five exploits in the series: BlueHammer, RedSun, YellowKey, GreenPlasma, and RoguePlanet 3. The verifiable part is the run itself, five uncoordinated disclosures attributed to one handle against one vendor since March, and Microsoft has publicly restated its opposition to uncoordinated disclosure 4.
Two accounts of the latest entry conflict. This beat reported RoguePlanet in June's Patch Tuesday coverage as an actively-exploited Defender flaw at CVSS 9.6 . The Nightmare Eclipse research describes RoguePlanet differently, as CVE-2026-50656, a TOCTOU (time-of-check-to-time-of-use) race in Windows Defender rated CVSS 7.8, which the researcher says is unpatched with no confirmed exploitation in the wild 5. A TOCTOU race exploits the gap between when a programme checks a resource and when it uses it. Microsoft says a fix is in development and has set no date 6.
Those two accounts cannot both be right, and Lowdown is not resolving the CVSS number or the patch status here. Where the figures conflict between this briefing's earlier reporting and a single research source, they are flagged as claims rather than settled facts, and readers should treat them that way until Microsoft confirms a CVE, a severity, or a patch.
