[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-microsoft-patches-zero-day-disclosed-by-nightmare-eclipse":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":22,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},503,"microsoft-patches-zero-day-disclosed-by-nightmare-eclipse","Microsoft patches zero-day disclosed by Nightmare Eclipse","The June 2026 update closes a remote-code-execution bug that the researcher flagged last month.","Microsoft released a security update that closes a zero-day flaw highlighted by security researcher Nightmare Eclipse.\n\nThe patch arrived with the June 2026 Patch Tuesday rollup (KB5026365). It addresses a remote-code-execution vulnerability in the Windows kernel that was publicly disclosed on June 3, 2026. The fix applies to Windows 10 versions 20H2, 21H1 and 22H2, as well as Windows Server 2019 and 2022. Microsoft’s advisory cites CVE‑2026‑28437 as the identifier for the bug.\n\nClosing the flaw matters because the vulnerability could be triggered over the network without user interaction, giving an attacker full system control. Enterprises that missed earlier updates now have a concrete remediation path, and the episode underscores the ongoing tension between vendors and independent researchers.\n\nThe patch lands just days after the researcher posted proof‑of‑concept code, reminding us that disclosure timing still drives the security calendar.","[\"windows\",\"security\",\"patch\"]","2026-06-09T20:56:52.000Z","2026-06-09T23:16:36.438Z","2026-06-09T23:17:31.835Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fmicrosoft-patches-zero-day-disclosed-by-nightmare-eclipse.webp",[26,27,28],"windows","security","patch",[30],{"name":31,"url":32},"Ars Technica","https:\u002F\u002Farstechnica.com\u002Fsecurity\u002F2026\u002F06\u002Flocked-in-heated-rivalry-with-researcher-microsoft-fixes-0-day-they-disclosed\u002F",0]