Microsoft fixes 0-day disclosed by researcher in feud

Microsoft patched two high-severity zero-days disclosed by researcher Nightmare Eclipse after a broken agreement. CVE-2026-45586 is a local privilege escalation in the Windows Collaborative Translation Framework requiring minimal complexity and no user interaction. No active exploitation has been detected yet.