RedSun: System user access on Win 11/10 and Server with the April 2026 Update

Published: 3 weeks ago (April 15, 2026 at 11:54 PM EDT)

1 min read

Source: Hacker News

RedSun

The Red Sun vulnerability repository.

Now, normally I would just drop the PoC code and let people figure it out. But I can’t for this one; it’s way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges.

I think antimalware products are supposed to remove malicious files, not be sure they are there, but that’s just me.

BottomText

Back to Blog

RedSun: System user access on Win 11/10 and Server with the April 2026 Update

RedSun

Related posts

Security news weekly round-up - 17th April 2026

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

KelpDAO suffers $290 million heist tied to Lazarus hackers

China's Apple App Store infiltrated by crypto-stealing wallet apps