Security Researcher Discloses Zero-Day Vulnerability in Microsoft VS Code After Losing Trust in Disclosure Process

Security researcher Ammar Askar publicly disclosed a zero-day vulnerability in Microsoft’s Visual Studio Code (VS Code) after expressing distrust in Microsoft’s bug disclosure process. The flaw was reported to a GitHub contact before Askar released a working exploit within one hour of notification. The vulnerability allows arbitrary code execution when a user clicks a malicious link, though specific technical details of the exploit mechanism were not provided. No CVE identifier was mentioned in the disclosure. The incident follows prior disputes between the researcher and Microsoft regarding vulnerability handling. The impact includes potential remote code execution on affected VS Code installations.