Three zero-day vulnerabilities in Microsoft Defender, dubbed BlueHammer, RedSun, and UnDefend, are being exploited by attackers to elevate access on compromised systems [1]. Two of these flaws remain unpatched, allowing malicious actors to escalate privileges locally. A researcher known as Chaotic Eclipse disclosed the vulnerabilities after expressing dissatisfaction with Microsoft's handling of the issue. The researcher also released proof-of-concept code for one of the unpatched Windows bugs, potentially enabling others to replicate the attacks. Because exploitation of these zero-days lets attackers gain higher privileges, it poses a significant threat to system security. With two of the flaws still unpatched, the window for patching these vulnerabilities is rapidly diminishing, and practitioners need to assess their systems' exposure to these exploits immediately.