New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
Summary
A researcher has released a proof-of-concept exploit for a new Microsoft Defender zero-day vulnerability named "RedSun." This exploit, published in protest of Microsoft's handling of security researchers, allows an attacker to gain SYSTEM privileges.
IFF Assessment
This is bad news for defenders: a zero-day vulnerability with a public proof-of-concept lets threat actors exploit it with little effort to gain high-level privileges.
Severity
The vulnerability allows for SYSTEM privilege escalation, which is a critical impact. The availability of a public proof-of-concept increases exploitability; the attack vector is likely local or network-adjacent, and exploitation likely requires only minimal initial privileges.
Defender Context
This development highlights the ongoing risk of zero-day vulnerabilities in widely used security software like Microsoft Defender. Defenders should be prepared for potential exploitation and ensure timely patching once a fix is available. The researcher's protest also underscores the importance of robust vulnerability disclosure processes.