Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Briefly

"Huntress observed all three flaws being exploited in the wild, with BlueHammer being weaponized since April 10, 2026, followed by RedSun and UnDefend proof-of-concept exploits on April 16."
"BlueHammer and RedSun are local privilege escalation flaws impacting Microsoft Defender, while UnDefend can be used to trigger a denial-of-service condition and block definition updates."
Three vulnerabilities in Microsoft Defender, codenamed BlueHammer, RedSun, and UnDefend, are being actively exploited by threat actors. BlueHammer and RedSun are local privilege escalation flaws, while UnDefend can trigger a denial-of-service condition and block definition updates. Microsoft addressed BlueHammer in its recent Patch Tuesday updates, but the other two flaws remain unpatched. Huntress has observed all three vulnerabilities being exploited in the wild, with BlueHammer weaponized since April 10, 2026. The cybersecurity vendor has isolated affected organizations to prevent further exploitation.
Read at The Hacker News