BlueHammer Windows Zero-Day Leaked by Disgruntled Researcher — Unpatched LPE Grants SYSTEM Access
A researcher frustrated with Microsoft's disclosure process published the BlueHammer exploit on GitHub under the alias Nightmare Eclipse. The unpatched local p…
Published on MyPrivateClaw
Apr 8, 2026, 9:25 AM UTC
Coverage date
Apr 6, 2026
Last updated
Apr 8, 2026, 9:25 AM UTC
News summary
Researcher Goes Public After MSRC Frustration A Windows local privilege escalation (LPE) zero day dubbed BlueHammer has been publicly disclosed by a researcher operating under the alias Nightmare Eclipse, who published the exploit on GitHub on April 3, 2026 after growing frustrated with Microsoft's Security Response Center (MSRC) handling of the responsible disclosure process. The researcher's GitHub repository description reads: "I'm just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did? Are they serious?" A blog post accompanying the release describes the disclosure timeline and the researcher's grievances with MSRC's current processes. Microsoft has not released a patch, making this a live zero day affecting Windows systems. Technical Details BlueHammer is a local privilege escalation vulnerability tha…