Three zero-days in Microsoft Defender: two vulnerabilities remain unpatched

Colleagues — cybersecurity alert: exploitation of three zero-days in Microsoft Defender has been confirmed.
- BlueHammer (CVE-2026-33825), RedSun and UnDefend: BlueHammer and RedSun are local privilege escalation (LPE) flaws; UnDefend causes denial of service (DoS) and blocks updates.
- BlueHammer was patched on Patch Tuesday; RedSun and UnDefend remain unpatched.
- Huntress observed exploitation: BlueHammer since 10 April; proof-of-concept code (PoCs) for the other two is dated 16 April. Observed post-exploitation commands include `whoami /priv` and `net group`.
- Huntress isolated the affected organisation.
Why this matters: attackers gain elevated privileges on the endpoint and can prevent updates.
What are you doing to protect endpoints?
#cybersecurity #MicrosoftDefender #vulnerability #infosec