Ethical Hacking News

The "Dark Days" of Windows: Recently Leaked Zero-Days Now Exploited in Attacks


Recently leaked Windows zero-days are now being exploited by threat actors to gain SYSTEM or elevated administrator privileges, and two of the three remain unpatched. The incident underlines the importance of timely patching and of continued vigilance while fixes are outstanding.

  • Three previously unknown zero-day vulnerabilities in Microsoft's Windows operating system have been disclosed.
  • The vulnerabilities, BlueHammer, RedSun, and UnDefend, were found by security researcher Chaotic Eclipse, who also published proof-of-concept exploits for all three.
  • The exploits give threat actors SYSTEM or elevated administrator privileges on Windows systems.
  • Microsoft has patched BlueHammer (CVE-2026-33825); RedSun and UnDefend remain unpatched.
  • RedSun abuses a file-restore behaviour in Microsoft Defender to gain SYSTEM privileges; UnDefend lets an attacker block Microsoft Defender definition updates.



    The recent disclosure of three previously unknown zero-day vulnerabilities in Microsoft's Windows operating system is a stark reminder of how unpredictable the threat landscape remains. In protest at what he and others have called the Microsoft Security Response Center's "inadequate" handling of the disclosure process, security researcher Chaotic Eclipse has published proof-of-concept exploit code for all three issues: BlueHammer, RedSun, and UnDefend.

    Since the beginning of April, attacks have been observed in which threat actors use these vulnerabilities to gain SYSTEM or elevated administrator privileges. Two of the flaws, BlueHammer and RedSun, are local privilege escalation (LPE) vulnerabilities in Microsoft Defender; the third, UnDefend, lets an attacker block Microsoft Defender definition updates.

    Huntress Labs researchers report seeing all three exploits used in the wild, with BlueHammer exploited since April 10. They also found UnDefend and RedSun exploits on a Windows device that had been breached through a compromised SSL VPN user account, in attacks showing evidence of "hands-on-keyboard threat actor activity."

    Microsoft has patched BlueHammer, tracked as CVE-2026-33825, in the April 2026 Patch Tuesday updates. RedSun and UnDefend remain unpatched.

    The RedSun exploit gives attackers SYSTEM privileges on Windows 10, Windows 11, and Windows Server 2019 and later when Microsoft Defender is enabled, even on systems with the April Patch Tuesday updates applied. The researcher explained that "when Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location." An attacker can abuse this restore step to overwrite system files and gain administrative privileges.
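    As an added example (not code from the article, Huntress, or the researcher's proof-of-concepts), the following PowerShell performs a read-only Microsoft Defender health check for the observable symptoms of the two unpatched issues: UnDefend blocks definition updates, so stale signatures or a failing Update-MpSignature are the sign to look for, and for BlueHammer and RedSun the Defender platform and engine builds are reported for comparison with Microsoft's fixed versions. It assumes the Defender PowerShell module (Get-MpComputerStatus, Update-MpSignature) is present; the page gives no fixed build numbers, so $MinPlatformVersion, $MinEngineVersion and the 3-day signature-age threshold are placeholder parameters to be set from Microsoft's advisory and your own baseline.

```powershell
# Added example, not code from the article, Huntress, or the researcher's PoCs.
# Read-only Defender health check. Run from an elevated PowerShell session on a
# Windows host. Thresholds below are assumptions/placeholders, not values from
# the article; fill them in from Microsoft's advisory and your fleet baseline.
[CmdletBinding()]
param(
    [int]$MaxSignatureAgeDays = 3,              # assumption: tune per environment
    [version]$MinPlatformVersion = '0.0.0.0',   # placeholder: fixed platform build
    [version]$MinEngineVersion   = '0.0.0.0',   # placeholder: fixed engine build
    [switch]$TryUpdate                          # actively attempt a definition pull
)

$findings = New-Object System.Collections.Generic.List[string]
$status   = Get-MpComputerStatus

# 1. Is Defender actually running? RedSun needs Defender enabled, and a disabled
#    engine also makes the signature checks below meaningless.
if (-not $status.AMServiceEnabled)          { $findings.Add('Defender antimalware service is not enabled') }
if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is disabled') }

# 2. Signature freshness. UnDefend-style blocking shows up as a signature set that
#    stops moving while the rest of the fleet keeps updating.
$lastUpdate = $status.AntivirusSignatureLastUpdated
$ageDays    = [int]((Get-Date) - $lastUpdate).TotalDays
if ($ageDays -gt $MaxSignatureAgeDays) {
    $findings.Add("Antivirus signatures are $ageDays days old (version $($status.AntivirusSignatureVersion), last updated $lastUpdate)")
}

# 3. Optionally confirm the host can still pull definitions right now; a failure
#    here on an otherwise healthy network is worth an alert.
if ($TryUpdate) {
    try {
        Update-MpSignature -ErrorAction Stop
    } catch {
        $findings.Add("Update-MpSignature failed: $($_.Exception.Message)")
    }
}

# 4. Platform and engine builds, for comparison with the fixed versions. A
#    threshold of 0.0.0.0 means "not checked".
$platform = [version]$status.AMProductVersion
$engine   = [version]$status.AMEngineVersion
if ($MinPlatformVersion -gt [version]'0.0.0.0' -and $platform -lt $MinPlatformVersion) {
    $findings.Add("Defender platform $platform is below required $MinPlatformVersion")
}
if ($MinEngineVersion -gt [version]'0.0.0.0' -and $engine -lt $MinEngineVersion) {
    $findings.Add("Defender engine $engine is below required $MinEngineVersion")
}

# 5. Report. A non-zero exit code makes this usable from a scheduled task or RMM job.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    PlatformVersion  = $platform
    EngineVersion    = $engine
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureAgeDays = $ageDays
    Findings         = $findings
} | Format-List

if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```

    Run it without -TryUpdate for a passive check across a fleet; the active update attempt changes host state (it contacts the update source) and is better reserved for hosts that already look stale.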

    According to a Microsoft spokesperson, "Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible. We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community."

    The release follows months of concern about how Microsoft's Security Response Center handled the disclosure process for these vulnerabilities. Chaotic Eclipse, who has become known in the security community for his "protest" exploits, published the proof-of-concept code for all three issues.

    "The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques," the researchers said.

    With two of the three flaws still unpatched and working exploit code public, further exploitation should be expected. Organizations should apply the April 2026 updates, check that Microsoft Defender is still receiving definition updates, and watch for privilege-escalation activity on hosts reachable through VPN or other remote access.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Dark-Days-of-Windows-Recently-Leaked-Zero-Days-Now-Exploited-in-Attacks-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/recently-leaked-windows-zero-days-now-exploited-in-attacks/

  • https://tech.yahoo.com/cybersecurity/articles/zero-day-bluehammer-windows-exploit-094150709.html

  • https://nvd.nist.gov/vuln/detail/CVE-2026-33825

  • https://www.cvedetails.com/cve/CVE-2026-33825/


  • Published: Fri Apr 17 02:01:57 2026 by llama3.2 3B Q4_K_M
    © Ethical Hacking News. All rights reserved.