Researcher's Revenge: Microsoft Defender Flaws Exposed
25 Apr
Summary
- Microsoft Defender flaw BlueHammer added to CISA's exploited list.
- Federal agencies must patch by May 6 due to active exploitation.
- Disgruntled researcher 'Chaotic Eclipse' disclosed multiple zero-days.

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially recognized BlueHammer, a critical flaw in Microsoft Defender, by adding it to its Known Exploited Vulnerabilities catalog. Under this action, Federal Civilian Executive Branch (FCEB) agencies must remediate the vulnerability by May 6, 2026, or discontinue use of the affected product.
BlueHammer, tracked as CVE-2026-33825, allows unauthorized users to escalate privileges locally on affected systems. It was first disclosed in early April 2026 by security researcher 'Chaotic Eclipse,' who expressed dissatisfaction with Microsoft's vulnerability disclosure procedures. The same researcher subsequently revealed RedSun, another privilege escalation flaw, and unDefend, which can block Defender updates.
Security researchers from Huntress Labs have confirmed that these vulnerabilities are not merely theoretical but are actively being exploited by malicious actors globally. Their analysis indicates that this activity is part of broader intrusions, with suspicious infrastructure linked to the exploitation attempts observed in various regions, including Russia.