
Threat Actors Exploiting Three Zero-Day Vulnerabilities in Microsoft Defender
Cybersecurity | Zero-Day Vulnerabilities | Microsoft Defender | Privilege Escalation
Cybersecurity firm Huntress reported that threat actors are actively exploiting three zero-day vulnerabilities in Microsoft Defender to achieve elevated privileges on compromised systems. The flaws, codenamed BlueHammer, RedSun, and UnDefend, were disclosed by a researcher known as Chaotic Eclipse. Two of the vulnerabilities remain unpatched at the time of reporting. The attacks specifically target Microsoft Defender, though no CVE IDs or exact exploitation methods were provided in the notice. The impact involves unauthorized privilege escalation, enabling attackers to gain higher-level access on affected systems.