Tags: vulnerability, critical, Privilege Escalation, Zero-day Exploit

Apr 17, 2026 • [email protected] (The Hacker News)

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three zero-day vulnerabilities in Microsoft Defender are being actively exploited by threat actors to gain elevated privileges on compromised systems. The...

Source: The Hacker News
Category: vulnerability
Severity: critical

Executive Summary

Three zero-day vulnerabilities in Microsoft Defender are being actively exploited by threat actors to gain elevated privileges on compromised systems. The flaws, codenamed BlueHammer, RedSun, and UnDefend, were released as zero-days by the researcher Chaotic Eclipse. Two of the three vulnerabilities remain unpatched, leaving affected systems exposed. Organizations using Microsoft Defender should prioritize patching where a fix is available, monitor for suspicious activity, and apply defense-in-depth controls to reduce the risk of privilege escalation through these flaws.

Summary

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (
