
Microsoft patches MiniPlasma regression amid Nightmare Eclipse feud

Ars Technica

Microsoft released its Patch Tuesday bundle on Tuesday, addressing roughly 200 flaws across Windows. Among them, the company patched MiniPlasma, a regression of a vulnerability first fixed six years ago and tracked as CVE-2020-17103. The new fix corrects the earlier, incomplete patch, and Microsoft updated the bulletin to note the republication. This correction is critical for enterprise environments that rely on long‑term patch stability.

The same bundle left several exploits disclosed by the researcher Nightmare Eclipse unpatched. Microsoft supplied manual mitigation steps for YellowKey, a flaw that can bypass BitLocker when an attacker has physical access, but the underlying issue remains unresolved. Administrators must monitor for potential abuse in fleets. Other reported bugs include RedSun in Windows Defender and BlueHammer, a local privilege escalation granting SYSTEM rights.

The feud escalated when Nightmare Eclipse published exploit code for a new Defender race‑condition zero‑day, prompting Microsoft to label the researcher’s disclosures “irresponsible” and hint at legal action. After public backlash, the company backed off, promising no lawsuit. The dispute underscores the industry challenge of balancing remediation with disclosure.