Tags: vulnerability, critical, Privilege Escalation, Zero-Day Exploitation

Apr 17, 2026 • The Hacker News

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched


Source: The Hacker News
Category: vulnerability
Severity: critical

Executive Summary

Huntress has issued an urgent warning regarding the active exploitation of three zero-day vulnerabilities affecting Microsoft Defender, codenamed BlueHammer, RedSun, and UnDefend. These flaws allow threat actors to achieve elevated privileges on compromised systems, significantly undermining endpoint protection. The vulnerabilities were initially disclosed by the researcher Chaotic Eclipse, and two of them remain unpatched, leaving organizations exposed to defense evasion and privilege escalation attacks. Exploiting these weaknesses lets adversaries bypass critical security controls, potentially facilitating further network compromise. Immediate mitigation involves monitoring for suspicious activity targeting Defender processes and applying patches as soon as they become available. Security teams should prioritize verifying system integrity and should assume that existing Defender configurations may be bypassed until vendor fixes that comprehensively address these security gaps are released.

Summary

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and UnDefend, all of which were released as zero-days by a researcher known as Chaotic Eclipse (
