home Forums Device, App & Web Security Device Security & Vulnerability Huntress warns of exploits in Microsoft Defender flaws

Viewing 1 post (of 1 total)
  • Posts
  • Huntress Labs has warned that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender.

    These flaws let attackers gain elevated privileges on compromised systems.

    The vulnerabilities are codenamed BlueHammer, RedSun, and UnDefend.

    They were released as zero-days by a researcher known as Chaotic Eclipse, also known as Nightmare-Eclipse.

    BlueHammer and RedSun are local privilege escalation flaws that affect Microsoft Defender.

    UnDefend can trigger a denial-of-service condition and block definition updates.

    Microsoft addressed BlueHammer in its Patch Tuesday updates this week.

    The flaw is tracked as CVE-2026-33825.

    The other two flaws have no fix yet.

    Huntress observed all three flaws used in the wild.

    BlueHammer was weaponised from 10 April 2026.

    RedSun and UnDefend proof-of-concept exploits appeared on 16 April 2026.

    These followed typical enumeration commands such as whoami /priv, cmdkey /list, and net group.

    Such commands point to hands-on-keyboard threat actor activity.

    Huntress has isolated the affected organisation to stop further post-exploitation.

    Free image upload service- https://imgur.com/
    0
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.