20260529 Microsoft möchte Sicherheitslücken geheim halten

29.05.2026 Microsoft möchte Sicherheitslücken geheim halten

It is not the whistleblower who should be prosecuted ...

This applies in general — but currently also to security researchers who find and disclose vulnerabilities in IT systems. It is considered good practice to first inform the software manufacturer and give them some time to fix the vulnerability. How much time this takes and whether the company in question is making enough effort to fix the flaw is a matter of opinion.

Six zero-days in six weeks at Microsoft

Microsoft has certainly had its hands full lately patching serious bugs in its software and is not pleased with the publication of evidence regarding unpatched security vulnerabilities. Now the company is even threatening legal action against security researchers. This calls into question the entire community’s willingness to cooperate. Furthermore, lawsuits always attract more attention, making it even more likely that the vulnerability will be exploited by interested parties.

For example, a security researcher had his MSRC (Microsoft Security Response Center) account — through which he had reported vulnerabilities free of charge—first suspended and then deleted. Microsoft isn’t making any friends with this, nor by cutting jobs at the MSRC. Heise.de quotes IT security researcher Will Dormann, who wrote on Mastodon: “To save money, Microsoft fired the talented people, leaving only bureaucrats behind.”