# Three Microsoft Defender Zero-Days Under Active Exploitation; Two Remain Unpatched
Threat actors are actively exploiting a trio of recently disclosed zero-day vulnerabilities in Microsoft Defender to escalate privileges on compromised Windows systems, according to a fresh advisory from managed detection and response firm Huntress. The three flaws, dubbed BlueHammer, RedSun, and UnDefend by the researcher who published them, are local privilege escalation bugs that can turn a low-privilege foothold into full SYSTEM-level control; two of them remain unpatched at the time of writing, leaving enterprises that rely on Microsoft's flagship endpoint protection platform exposed.
The vulnerabilities were dropped publicly as zero-days by an independent researcher operating under the handle Chaotic Eclipse, bypassing coordinated disclosure channels and forcing defenders into a reactive posture. Huntress telemetry indicates that in-the-wild abuse followed within days of publication, a pattern increasingly common when exploit details are released without vendor coordination.
## Background and Context
Microsoft Defender ships enabled by default on every supported build of Windows 10, Windows 11, and Windows Server, making it one of the most widely deployed security agents in the world. That ubiquity is precisely what makes these flaws valuable: an exploit that works against Defender is effectively a universal local privilege escalation (LPE) primitive on any unmanaged or minimally managed Windows estate.
The three vulnerabilities — BlueHammer (the technical write-up for which requires GitHub authentication to view), RedSun, and UnDefend — all target the privileged service surface that Defender exposes to the local system. Because Defender components run as NT AUTHORITY\SYSTEM and interact with user-mode processes through well-defined IPC boundaries, any parsing flaw, race condition, or symbolic-link handling bug within that trust boundary becomes a reliable path to full compromise.
The disclosure arrives against a backdrop of sustained pressure on endpoint security tooling. Over the past eighteen months, researchers and threat actors alike have increasingly focused on EDR and antivirus platforms — not only as targets to bypass, but as vectors to exploit. Defender, CrowdStrike Falcon, SentinelOne, and other market leaders have all seen LPE or tamper-bypass issues disclosed in recent quarters.
## Technical Details
While full proof-of-concept code for all three issues is not uniformly public (BlueHammer's write-up sits behind a GitHub sign-in wall, likely intended to add a small measure of friction and deniability for the researcher), the general class of flaw is consistent across the set.
BlueHammer reportedly abuses a handling flaw in one of Defender's privileged components to coerce it into acting against an attacker-controlled path. This pattern, sometimes described as a "confused deputy" attack, leverages the service's elevated token to perform file operations the calling user could not perform directly. The net effect is the ability to write or modify files in protected locations, which can be chained into DLL hijacking or service binary replacement to achieve SYSTEM execution.
RedSun appears to target Defender's update or scan-pipeline machinery, abusing how the service interacts with the filesystem during signature refresh or quarantine operations. Flaws in this area historically produce arbitrary file delete primitives — a deceptively powerful class of bug that, on modern Windows, can be converted into SYSTEM via well-documented techniques targeting installer rollback directories and component store manifests.
UnDefend — the most evocatively named of the three — is understood to disable or degrade specific protection components from a low-privilege context, clearing the way for subsequent tooling or persistence mechanisms. Tamper-protection bypasses of this type are especially prized by ransomware affiliates, since they neutralize the single control most likely to interrupt the attack chain.
Of the three, only one is reported to have received a patch through Microsoft's regular security update cadence. The remaining two are live, weaponized, and unpatched at the time of this report — a combination that places them firmly in the category of issues warranting out-of-band mitigation.
## Real-World Impact
For defenders, the practical implication is stark: on any Windows system where an attacker can execute code as a standard user — whether through phishing, a browser exploit, a malicious document, or a compromised third-party application — these flaws offer a reliable path to SYSTEM. Once SYSTEM is reached, the attacker effectively owns the host: credential material in LSASS, cached domain secrets, scheduled tasks, and the ability to disable or uninstall security tooling are all within reach.
Huntress' telemetry suggests the exploitation is not theoretical. Organizations most at risk include those with flat internal networks, heavy reliance on Defender as a sole endpoint control, and limited visibility into privilege-escalation telemetry — a profile that describes a substantial share of mid-market and managed-service-provider customer environments.
The impact is compounded by the fact that many organizations treat Defender as a "set and forget" control. Without supplementary EDR telemetry or behavior-based detection, an attacker exploiting Defender itself can move laterally with very little signal reaching the SOC.
## Threat Actor Context
Huntress has not attributed the activity to a specific named group, and the pattern of exploitation — broad, opportunistic, and fast to ramp up after public disclosure — is more consistent with commodity criminal tooling than with a targeted nation-state campaign. That profile matches the typical life cycle of a publicly released Windows LPE: initial pickup by access brokers and ransomware affiliates, followed weeks later by incorporation into widely distributed post-exploitation frameworks.
The researcher behind the disclosures, Chaotic Eclipse, is not known to be aligned with any specific adversary. The decision to release without coordination is, however, operationally indistinguishable from a disclosure designed to benefit offensive users in the short term, regardless of intent.
## Defensive Recommendations
Until Microsoft ships fixes for the outstanding two vulnerabilities, defenders should treat this as a live LPE exposure and respond accordingly:
ProgramData\Microsoft\Windows Defender, and tamper-protection state changes.

## Industry Response
The security community's response has been swift if uneven. Huntress and several peer vendors have pushed behavioral detections targeting the observed exploitation patterns, and detection engineers across the open-source community have begun publishing Sigma and KQL rules keyed to the unique telemetry signatures associated with each flaw. Microsoft has acknowledged the issues and indicated that remaining patches are in development, though no firm timeline has been published.
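As an added illustration (not code from the article or from Huntress' advisory) of the posture checks and log telemetry this section and the Defensive Recommendations point to, the read-only PowerShell snippet below reports the Defender protection controls a tamper bypass would degrade, the platform and engine versions to compare against a fix once Microsoft publishes one, and recent operational-log events that indicate protection being switched off. It assumes the Defender PowerShell module and the Microsoft-Windows-Windows Defender/Operational log are present on the host; the event IDs are taken from Microsoft's Defender Antivirus event reference, not from the advisory.

```powershell
# Added example, not part of the original article. Read-only posture check for a
# Defender-protected Windows host; run from an elevated PowerShell session.
# Assumes Get-MpComputerStatus is available (Windows 10/11, or Server with the
# Defender feature installed) and that the Defender operational event log exists.

$status = Get-MpComputerStatus

# 1. Protection controls an UnDefend-style tamper bypass would degrade.
#    Every value should be $true on a healthy host.
$controls = [ordered]@{
    'TamperProtection'   = $status.IsTamperProtected
    'RealTimeProtection' = $status.RealTimeProtectionEnabled
    'BehaviorMonitoring' = $status.BehaviorMonitorEnabled
    'AntivirusEnabled'   = $status.AntivirusEnabled
}
$controls.GetEnumerator() | ForEach-Object {
    $state = if ($_.Value) { 'OK' } else { 'ALERT' }
    '{0,-20} {1,-6} {2}' -f $_.Key, $state, $_.Value
}

# 2. Component versions. The article gives no fixed build number, so nothing is
#    hard-coded here; record these so the host can be compared against the
#    patched platform/engine build when Microsoft publishes it.
'Platform {0}  Engine {1}  Signatures {2} (updated {3})' -f $status.AMProductVersion,
    $status.AMEngineVersion, $status.AntivirusSignatureVersion,
    $status.AntivirusSignatureLastUpdated

# 3. Defender operational events from the last 7 days that signal protection
#    being turned off or a blocked tamper attempt. IDs per Microsoft's Defender
#    Antivirus event reference: 5001 real-time protection disabled,
#    5007 configuration changed, 5013 tamper protection blocked a change.
$since  = (Get-Date).AddDays(-7)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5007, 5013
    StartTime = $since
} -ErrorAction SilentlyContinue

$events | Select-Object TimeCreated, Id,
    @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize
```

Any `ALERT` row, or a cluster of 5001/5007 events not tied to a known change window, is worth correlating with process and file telemetry from the same host.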
The broader takeaway is a familiar one: ubiquitous security software is, by definition, a high-value target. Defender's enormous install base is its strength and its liability, and organizations relying on it as a primary control should assume that a steady cadence of disclosures like this one is the new normal — and architect their defenses with that assumption in mind.