Three critical security vulnerabilities in Microsoft Defender are actively being exploited by cybercriminals, leaving many systems at risk. Despite Microsoft’s recent updates, two of these flaws remain unpatched, heightening concerns about potential threats. These vulnerabilities, identified as BlueHammer, RedSun, and UnDefend, were brought to light by a researcher known as Chaotic Eclipse.
Details of the Vulnerabilities
BlueHammer and RedSun are categorized as local privilege escalation (LPE) vulnerabilities: an attacker who already has low-privileged code execution on a system can use them to gain higher privileges. UnDefend, on the other hand, enables a denial-of-service (DoS) condition that blocks Defender from receiving definition updates, leaving the product running with stale signatures. The researcher disclosed these zero-day flaws without a coordinated fix in response to perceived issues in Microsoft’s vulnerability disclosure process.
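Because UnDefend's effect is to stop definition updates rather than to disable the product outright, the practical check a defender wants is a fleet-wide view of signature freshness. The following is an added example, not code from the article or from Microsoft: it takes a constructed list of per-host status records whose field names mirror the `AntivirusSignatureLastUpdated` and `AntivirusSignatureVersion` properties returned by PowerShell's `Get-MpComputerStatus` (the export step and all sample values are assumed) and flags hosts whose definitions are older than a threshold or behind the newest version seen in the fleet.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample status export: one record per host. The field names
# follow Get-MpComputerStatus; the hostnames, versions and timestamps are
# made up for this example and do not describe any real environment.
SAMPLE_STATUS = [
    {"host": "ws-01", "AntivirusSignatureVersion": "1.431.200.0",
     "AntivirusSignatureLastUpdated": "2026-04-16T06:10:00+00:00"},
    {"host": "ws-02", "AntivirusSignatureVersion": "1.431.50.0",
     "AntivirusSignatureLastUpdated": "2026-04-12T23:40:00+00:00"},
    {"host": "srv-03", "AntivirusSignatureVersion": "1.431.200.0",
     "AntivirusSignatureLastUpdated": "2026-04-15T18:00:00+00:00"},
]

# Fixed reference time so the example is reproducible offline.
NOW = datetime(2026, 4, 16, 12, 0, tzinfo=timezone.utc)


def _version_tuple(version):
    """Turn a dotted version string into a tuple of ints for ordering."""
    return tuple(int(part) for part in version.split("."))


def stale_definition_hosts(records, now=NOW, max_age_hours=24):
    """Return (host, age_hours) for hosts whose last definition update is
    older than max_age_hours. A host that stops updating while others keep
    updating is the symptom a definition-update DoS produces."""
    cutoff = now - timedelta(hours=max_age_hours)
    stale = []
    for rec in records:
        updated = datetime.fromisoformat(rec["AntivirusSignatureLastUpdated"])
        if updated < cutoff:
            age_hours = (now - updated).total_seconds() / 3600
            stale.append((rec["host"], round(age_hours, 1)))
    return stale


def lagging_version_hosts(records):
    """Return hosts whose signature version is behind the newest version
    observed anywhere in the fleet. This catches hosts that report a
    recent timestamp but never actually advanced to the current package."""
    newest = max(_version_tuple(r["AntivirusSignatureVersion"]) for r in records)
    return [r["host"] for r in records
            if _version_tuple(r["AntivirusSignatureVersion"]) < newest]


if __name__ == "__main__":
    print("Stale definitions:", stale_definition_hosts(SAMPLE_STATUS))
    print("Behind fleet version:", lagging_version_hosts(SAMPLE_STATUS))
```

Both checks flag `ws-02` in the sample data. Comparing against the fleet's newest version, rather than against a hard-coded "current" version, avoids having to maintain a reference value and still isolates the hosts that have silently stopped receiving updates.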
Current Exploitation and Response
Microsoft has addressed BlueHammer through its latest Patch Tuesday release, identifying it with CVE-2026-33825. However, RedSun and UnDefend remain unpatched, leaving systems vulnerable to ongoing attacks. Cybersecurity firm Huntress has confirmed active exploitation of all three vulnerabilities, with BlueHammer being targeted since April 10, 2026. The exploitation of RedSun and UnDefend was observed on April 16, 2026.
Huntress noted that the attacks involve typical enumeration commands, indicating direct threat actor involvement. In response, the firm has isolated affected systems to mitigate further risks. Efforts to reach Microsoft for additional comments are ongoing, with updates expected as new information becomes available.
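The detail that the observed activity consisted of routine enumeration commands is itself a detection opportunity: a burst of several distinct discovery commands from one user on one host within a few minutes is a classic hands-on-keyboard signal. The following is an added example, not Huntress's detection logic or anything from the article: it runs a sliding-window rule over constructed process-creation log lines (the log format, hostnames, users and commands are all assumed for the example) and raises one alert per host/user pair that executes a threshold number of distinct enumeration commands inside the window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Windows discovery commands worth counting as "enumeration".
# Two-word entries cover net.exe subcommands; everything else is matched
# on the executable name alone.
ENUM_COMMANDS = {
    "whoami", "systeminfo", "ipconfig", "tasklist", "hostname",
    "net user", "net group", "net localgroup", "nltest", "quser", "qwinsta",
}

# Constructed sample process-creation events (assumed format; not from any
# real incident): timestamp, host, user, then the full command line.
SAMPLE_EVENTS = [
    "2026-04-16T09:58:10 host=ws-02 user=jdoe cmd=whoami /all",
    '2026-04-16T09:58:41 host=ws-02 user=jdoe cmd=net group "domain admins" /domain',
    "2026-04-16T09:59:05 host=ws-02 user=jdoe cmd=systeminfo",
    "2026-04-16T09:59:30 host=ws-02 user=jdoe cmd=nltest /dclist:corp",
    r"2026-04-16T10:03:00 host=ws-07 user=backup cmd=robocopy D:\data E:\backup /MIR",
    "2026-04-16T10:15:00 host=ws-07 user=admin cmd=ipconfig /all",
    "2026-04-16T13:40:00 host=ws-07 user=admin cmd=whoami",
]

EVENT_RE = re.compile(r"^(\S+) host=(\S+) user=(\S+) cmd=(.*)$")


def enum_name(cmd):
    """Normalise a command line to its enumeration-command name, or None.
    Strips a leading path and .exe so 'C:\\...\\net.exe group' still maps
    to 'net group'."""
    tokens = cmd.lower().split()
    if not tokens:
        return None
    first = tokens[0].rsplit("\\", 1)[-1].removesuffix(".exe")
    two_word = f"{first} {tokens[1]}" if len(tokens) > 1 else first
    if two_word in ENUM_COMMANDS:
        return two_word
    if first in ENUM_COMMANDS:
        return first
    return None


def detect_enumeration_bursts(lines, window_minutes=5, threshold=3):
    """Return one alert per (host, user) that ran at least `threshold`
    distinct enumeration commands within any `window_minutes` span."""
    window = timedelta(minutes=window_minutes)
    by_actor = defaultdict(list)
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, host, user, cmd = m.groups()
        name = enum_name(cmd)
        if name:
            by_actor[(host, user)].append((datetime.fromisoformat(ts), name))

    alerts = []
    for (host, user), events in sorted(by_actor.items()):
        events.sort()
        # Slide a window from each event; report the first window that
        # meets the threshold, then stop so each actor yields one alert.
        for i, (start, _) in enumerate(events):
            seen = set()
            for ts, name in events[i:]:
                if ts - start > window:
                    break
                seen.add(name)
            if len(seen) >= threshold:
                alerts.append({"host": host, "user": user,
                               "first_seen": start.isoformat(),
                               "commands": sorted(seen)})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_enumeration_bursts(SAMPLE_EVENTS):
        print(alert)
```

On the sample, only `jdoe` on `ws-02` trips the rule (four distinct commands in under two minutes); the two commands from `admin` on `ws-07` are hours apart and stay below the window. Counting distinct command names rather than raw event volume keeps a single noisy script from producing an alert, and the per-actor break keeps one burst from generating a flood of overlapping alerts.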
Implications and Future Outlook
The exploitation of these vulnerabilities underscores the critical need for prompt patching and robust security measures. Organizations using Microsoft Defender must remain vigilant and apply available updates promptly. The cybersecurity community will continue to monitor the situation closely, awaiting Microsoft’s response to the remaining unpatched vulnerabilities.
As threats evolve, maintaining updated security protocols and staying informed about potential vulnerabilities is essential for safeguarding systems against cyber threats.
