Vulnerability  ·  2026-04-18

Three Microsoft Defender Zero-Days Actively Exploited by Threat Actors

Vulnerability  ·  High impact  ·  CVE-2026-33825 (BlueHammer only); RedSun and UnDefend unpatched
Three vulnerabilities in Microsoft Defender (codenamed BlueHammer, RedSun, and UnDefend) allow attackers to gain elevated privileges on compromised Windows systems. The researcher 'Chaotic Eclipse' published them as zero-days in response to Microsoft's vulnerability disclosure process.
Attackers exploit Windows Defender components to escalate privileges and gain administrator access. Exploit code is publicly available on GitHub.
Affects Microsoft Windows Defender across Windows environments. BlueHammer has been patched, but RedSun and UnDefend remain unpatched.
Apply Microsoft patch for CVE-2026-33825 (BlueHammer) immediately. Monitor for patches for RedSun and UnDefend. Implement additional endpoint monitoring and restrict administrator privileges.
Sources
TechCrunch, Huntress Labs