Threat actors are actively exploiting three zero-day vulnerabilities in Microsoft Defender to elevate privileges on compromised systems. The flaws, known as BlueHammer, RedSun, and UnDefend, were disclosed by researcher Chaotic Eclipse and are being leveraged to target Microsoft systems. Two of the vulnerabilities remain unpatched, leaving users exposed to attack. Exploitation gives attackers increased control over compromised systems, posing a significant security risk. Huntress has warned of the active exploitation, emphasizing the need for immediate assessment of exposure. The active exploitation highlights the urgency of patching vulnerabilities in Microsoft Defender, as the window for patching is rapidly diminishing. That two of the vulnerabilities remain unpatched underscores the importance of swift action to mitigate potential attacks, so what matters most to practitioners is assessing their exposure to these vulnerabilities immediately.