Lounge Started May 29, 2026 7:26 PM

Microsoft escalates dispute with 0-day finder Nightmare Eclipse, leading to a revolt from cybersecurity community


May 29, 2026 7:26 PM
#1

Article: https://www.theregister.com/security/2026/05/28/microsoft-0-day-feud-escalates-as-researcher-threatens-another-windows-exploit-dump/5248085

Last week I made a thread about the Yellow Key exploit, which you can read here. The tl;dr is that a disgruntled 0-day hunter who goes by the name Nightmare Eclipse was tired of being ignored by Microsoft's disclosure team, so he uploaded an extremely critical exploit for everyone on GitHub (in fact, this is one of four exploits, though the most severe). Yellow Key is a literal backdoor which breaks BitLocker encryption for any Windows 11 computer if you are able to locally access it (I tried it out by the way, and yes, it works).

This week, Microsoft responded and denied all accusations, threatened legal action, and referred to these events as "uncoordinated disclosures". They then suspended his account on GitHub.

This week, in a signed message on his blog, Nightmare Eclipse responded with a PGP-signed message. In addition to disputing Microsoft on everything, they claim that on July 14th a new exploit will be released that will be a big one. They also created a GitLab account.

Shortly thereafter, the GitLab was taken down, presumably due to some sort of cease and desist from Microsoft lawyers.

In response, security researchers began piling on Microsoft, sharing their stories about the incompetence of the security team. You can see a collage of the tweets here.

Whether this continues to snowball remains to be seen, but Microsoft is showing how little they care about severe vulnerabilities, all but confirming they intentionally left a backdoor in for law enforcement (which would make sense...why would an encrypted application even have such a methodology of breaking in?).
