Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Source: The Hacker News
Threat Overview
Huntress warns that threat actors are actively exploiting three recently disclosed security flaws in Microsoft Defender to obtain elevated privileges on compromised systems. The vulnerabilities—codenamed BlueHammer, RedSun, and UnDefend—were all released as zero‑days by a researcher known as Chaotic Eclipse.
Exploited Vulnerabilities
BlueHammer
- Requires a GitHub sign‑in to trigger the exploit.
- Details on the exact attack vector have not been publicly disclosed.
RedSun
- No additional prerequisites are mentioned in the source material.
- Exploits a flaw that allows privilege escalation within Microsoft Defender.
UnDefend
- Another zero‑day flaw leveraged for elevated system privileges.
- Specific technical details remain limited.
Impact and Mitigation
- Impact: Successful exploitation grants attackers higher privileges, potentially enabling full control over the affected system.
- Mitigation: Organizations should monitor for indicators of compromise related to these exploits and apply any patches or mitigations released by Microsoft as soon as they become available.
Stay vigilant and ensure that security tools and endpoint protection are up to date to reduce the risk posed by these newly disclosed zero‑day vulnerabilities.