Comments

mw June 2, 2026 7:26 AM

Microsoft had better fix the bugs ASAP. Or won’t they fix them because it’s a backdoor for some secret services?

Clive Robinson June 2, 2026 9:50 AM

@ ALL,

Microsoft Purveyor of Malware

Is the viewpoint of many… In fact there are two truisms / sayings in the industry that go back into the last century,

“Whatever the question, the answer is not Microsoft.”

“Microsoft products, the definition of malware.”

Both of which still have “the ring of truth” about them, and I’m sure there are others people could quote 😉

The fact is that Microsoft have a bad reputation for honesty, whilst what we have seen from the Security Researcher “rings true”.

Thus “on balance of credibility” Microsoft are asking for trouble going after the Security Researcher with lawyers.

Even if they were to win in Court what would come out into public will not do them any good.

After all Win 11 is seen as proof that Microsoft do not listen to their customers, and worse put them under a level of surveillance few would have believed possible…

With the EU and others looking at “Sovereign XaaS” rather than Microsoft or similar holding the door open for the US Executive and its thuggish “guard labor”…

This is potentially another “nail in the coffin” for Microsoft.

The fact that AI looks like it’s about to “swan dive” and Microsoft having “bet the farm” in various ways you would have thought they would know better.

But…

Anonymous June 2, 2026 10:01 AM

Microsoft is actively colluding with the NSA. No software company has been quite as collaborative with the NSA as Microsoft has, e.g. in providing direct Skype access. But this is not the story which the media tends to tell; instead it focuses on companies like Facebook and Google.

Microsoft offers back doors at the operating systems level, not just the Internet/communications level; the NSA as a whole has come to share a bed with Microsoft (even staff intersections exist) and this technology giant, Microsoft, also receives payments for these abuses of privacy. e.g. from the CIA, based on clear disclosures (leaks).

The following articles cover examples of some of the ways in which Microsoft actively spies on people, directly (for its business interests) or as a proxy for governments.

https://techrights.org/wiki/Microsoft_and_the_NSA/

Another "Anonymous" June 2, 2026 12:49 PM

Unfortunately, people tend to forget pretty quickly when it comes to things like this. Especially considering the Snowden leaks, the collaboration with the NSA, the Skype topic. Microsoft collects data at every opportunity and spies on its users. The first thing that’s active on a running system is Bing/CoPilot. Full-screen gaming sessions are tracked through A/B tests, Start Menu interactions are monitored, and things like WebView2 keep reinstalling themselves while being loaded with telemetry services. The list of examples could easily fill pages.

Or similar stories such as Lenovo backdoors among many other examples.

What’s even worse is that companies like Avast have harvested data on a scale involving hundreds of millions of users, tracked users’ every click, and have also been involved in scandals surrounding Piriform/CCleaner.

Yet these companies and their software continue to be promoted on countless sites and sold. In my view, that really shouldn’t be allowed.

C U Anon June 2, 2026 5:27 PM

Anonymous, Another “Anonymous” :

The thought occurs that none of the things you mention would be possible without “Bill Gates” and subsequent Microsoft Leadership actively not just complying but keeping a lid on things.

Thus a couple of questions arise from,

Firstly Bill Gates is “odd” in many ways, and his wife found out things that made her want to “get away with the children” whilst she and they could.

Secondly Bill Gates’ name keeps being associated with people that have become “undesirable” in quite shocking ways yet he never appears to be “investigated”…

But as you note Microsoft is in reality the nexus for “mass surveillance” and as has been said before has bypassed the security of End to End Encryption by putting scanning technology on the user interfaces whilst requiring the OS must have Internet Connectivity. One assumes so that the scanning can “commune with the mothership”.

Now is this just to “sell on” at vast profit to “data brokers” which would be bad enough, or to provide US State and Federal agencies and lawfare with up to date intel on individuals?

But the thought occurs,

“Is Microsoft the root of all evil?”

I think people would be hard pushed to say no given the amount of circumstantial evidence that has built up over the decades.

C U Anon June 2, 2026 6:49 PM

ALL:

Is Micro$haft trying to force TPM2 on people where it is not required, so they can hide away their user surveillance malware?

It appears there may be some truth in it.

Further the question arises is Microsoft looking for ways to put lawyers on a single Open Source Software developer who keeps making bypasses to Microsoft forcing TPM2?

As has been pointed out for quite some time, there is no real advantage for “users” in TPM2; its claimed security value is actually dubious when properly investigated and evaluated.

However as Prof Ross Anderson oft noted over the decades TPM is the –evil– descendant of the “Fritz Chip” Disney and Co desperately wanted for blatant profiteering.

As such TPM2 is nearly the wet dream of those who extort via questionable IP-Rights, “rental money” on near endless supply (you own nothing so be happy as you pay through the nose bleed as you hemorrhage your life blood away). And worse drives massive increases in “Waste Electrical and Electronic Equipment” (WEEE) that is to the benefit of hardware manufacturers and the world’s environmental cost (and is increasingly regulated against in greater numbers of places in the world).

And thus benefits Micro$haft as well through its various “kick back” schemes.

Thus TPM2 is a very cosy con game protecting both direct profit and the ~$1500/user/year payback from surveilling individual users activities and selling it on.

So how long before Microsoft stick lawyers on the Open Source Developer whose Rufus tool strips the need / requirement for TPM2 from Windows 11 etc OS’s?

You can follow some of the RUFUS story with this video posted today,

https://m.youtube.com/watch?v=wndyD1227R8

Or visit the Rufus project home page,

https://rufus.ie/en/

To see how to de-microshaft Win 11.

Libel Tags June 2, 2026 8:18 PM

Any operating system that consistently requires so many security patches that it gets its own routine “patch Tuesday” event should really be considered a malware delivery platform.

https://en.wikipedia.org/wiki/Patch_Tuesday

Nevermind that it defaults to siphon… er, backup, your docs and pics into OneDrive for “safety against ransomware.” Or that it features a “recall” agent to capture screens like an automated Panopticon “in case you forget.”

https://en.wikipedia.org/wiki/Windows_Recall

Oh they promise (pinkyswear) that you can disable the surveillance things… though that means you have to figure out how and it’s still baked in the OS so they could be re-enabled if main office or law enforcement (or just the next patch Tuesday update) deems it so.

Now it’s effing “Always-on agents that work autonomously, with their own identity, and act on your behalf.”

https://mashable.com/tech/microsoft-launches-new-ai-agent-microsoft-scout

Screw that. Only an idiot would want a black-box stochastic parrot app acting on their behalf. Microsoft can take their “Scout” and shove it up their datacenter.

r June 3, 2026 3:20 AM

two questions/comments about responses

the first being @c u anon,

i’ve never actually seen figures about actual payout amounts per user per year for anything, where do you get $1500usd?

the second being @libel tags,

patch tuesday is almost equivalent to a rolling release’s cadence, i’m also nervous about those and CAs (authoritative servers)/automatic updates.

geeknik June 3, 2026 10:09 AM

LMFAO, it’s 2026 and people still trust Microsoft and Windows with their security posture?

A researcher drops serious Windows exploits, including a BitLocker break, and Microsoft’s instinct is allegedly legal pressure instead of maximum urgency and transparency. That tells users a lot about incentives.

Windows has spent years training people to accept telemetry, forced account flows, dark-pattern defaults, ads in the OS, cloud nudges, Recall-style surveillance concerns, and endless patch cycles as “normal.” At some point, trust stops being a technical question and becomes a judgment question.

If your threat model includes privacy, sovereignty, or vendor lock-in, trusting Microsoft by default is laughable. Use it if you must, harden it aggressively, isolate it, and assume the platform’s interests are not automatically aligned with yours.

Clive Robinson June 3, 2026 7:56 PM

@ geeknik (Brian),

With regards,

“That tells users a lot about incentives.”

On the surface it would look like,

1, Shareholder value.
2, Senior management pay/bonuses.

Which whilst true, and ultra neo-con mantra in nature, is not what worries me (basically management by neo-con mantra tends to be both destructive and short lived).

It’s the “dark-side” of too many “mistakes” that become either “backdoors” or “surveillance enablers”.

I know we are supposed to assume it’s,

“Incompetence not malice…”

But at some point you have to make a judgment call and I made mine back in the early 1990’s as “malice”.

The only hard part was working out who the real beneficiaries of the malice were.

Whilst it is still a bit of an open question, it’s now beyond doubt that “user harm” is “built in by design” in most of Microsoft’s products.

But for various reasons too many people don’t want to look at it straight on and see it for what it is.

The last MS OS’s I tend to use are on old hardware –pre 1995– and are WinXP and Win2000, I still support early MS-DOS and Win3 as people I wrote software for, for industrial control etc still use it…

However all the MS platforms are “wired network only” where the protocols can be as low as RS232. Also that “wired” is rather more than “galvanically isolated”.

It sounds “extreme” but it was “built up” that way as in many cases that was the only way you could do things at the time (remember how slow Microsoft was to “rip-off” IP networking? The Internet had happened without them and they are still playing “catch up” today).

Anon50 June 3, 2026 10:32 PM

As just an average person and enthusiast, I’m a bit turned off (if his story is true) if this security researcher did the right thing and contacted Microsoft and was blown off. I can see how that would be very frustrating and force him to disclose the vulnerability publicly.

It does make me wonder if this vulnerability wasn’t a mistake.

This vulnerability seems to affect just TPM only key protectors in Windows 11 (and Windows Server). TPM+PIN or TPM+Smart Card or TPM+PIN+Smart Card are the way to go for beefier pre-boot security. The security researcher has teased that he is waiting to publish a vulnerability that affects TPM+PIN sometime around June Patch Tuesday. If that one exists, it basically means BitLocker in its current version is completely vulnerable. And should be patched ASAP.

The aggressive legal stance Microsoft has taken isn’t how you treat security researchers, even if they’re not famous ones. It’s easy to go down the thinking that this may be a deliberate backdoor, but we don’t 100% know.
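Anon50’s point that TPM-only key protectors are the exposed configuration while TPM+PIN (or TPM+PIN+startup key) adds a pre-boot factor is something an administrator can check on a host. The script below is an added example written for this page, not code from the commenter or from Microsoft; it uses only the built-in BitLocker PowerShell module (Get-BitLockerVolume, Add-BitLockerKeyProtector) and the weak/strong grouping of protector types is this example’s own assumption, following the comment’s reasoning.

```powershell
# Added example: audit BitLocker key-protector types on a Windows host and
# flag OS volumes that rely on a TPM-only protector (no pre-boot factor).
# Uses the built-in BitLocker module; run from an elevated PowerShell session.
# The classification below is an assumption made for this example.

$weakTypes   = @('Tpm')                                          # TPM only: unlocks with no user factor
$strongTypes = @('TpmPin', 'TpmPinStartupKey', 'TpmStartupKey')  # TPM plus a second factor

$report = foreach ($vol in Get-BitLockerVolume) {
    # KeyProtectorType is an enum on each protector object; compare as strings.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $tpmBased = @($types | Where-Object { $_ -in ($weakTypes + $strongTypes) })

    $assessment = if ($tpmBased.Count -eq 0) { 'NoTpmProtector' }
                  elseif (@($tpmBased | Where-Object { $_ -in $strongTypes }).Count -gt 0) { 'TpmPlusFactor' }
                  else { 'TpmOnly' }

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeType       = $vol.VolumeType          # OperatingSystem or Data
        ProtectionStatus = $vol.ProtectionStatus    # On / Off
        Protectors       = ($types -join ', ')
        Assessment       = $assessment
    }
}

$report | Format-Table -AutoSize

# Warn on OS volumes that match the case the comment describes. The remediation
# (adding a TPM+PIN protector) is left commented out because changing protectors
# is a deliberate administrative action, not something an audit script should do.
$report |
    Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.Assessment -eq 'TpmOnly' } |
    ForEach-Object {
        Write-Warning "$($_.MountPoint) uses a TPM-only protector; consider TPM+PIN."
        # $pin = Read-Host -AsSecureString 'Enter a pre-boot PIN'
        # Add-BitLockerKeyProtector -MountPoint $_.MountPoint -TpmAndPinProtector -Pin $pin
    }
```

Two caveats when acting on the warning: a volume holds only one TPM-based protector, so after the TPM+PIN protector is added the old TPM-only one must be removed with Remove-BitLockerKeyProtector (pass its KeyProtectorId), and the “Require additional authentication at startup” policy has to permit a PIN or the add will be refused. Keep the recovery password protector in place throughout.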
