Hackers are exploiting three zero-day vulnerabilities in Microsoft Windows Defender to gain elevated system privileges. Cybersecurity firm Huntress observed the flaws being exploited in real-world attacks involving hands-on-keyboard activity.

A security researcher publicly released the exploits to protest Microsoft's disclosure process. The vulnerabilities, named BlueHammer, RedSun, and UnDefend, allow attackers to escalate privileges or block security updates.

Microsoft patched the BlueHammer flaw (CVE-2026-33825) in April. The RedSun and UnDefend vulnerabilities currently remain unpatched.