Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Summary

Threat actors are actively exploiting three zero-day vulnerabilities in Microsoft Defender, identified as BlueHammer, RedSun, and UnDefend. These flaws allow attackers to gain elevated privileges within compromised systems, with two of the vulnerabilities remaining unpatched.

IFF Assessment

FOE

The active exploitation of unpatched zero-day vulnerabilities in widely used security software represents a significant threat to defenders, enabling attackers to bypass defenses and gain privileged access.

Defender Context

Defenders should be aware of these actively exploited zero-days and prioritize patching Microsoft Defender where a fix is available, or implement compensating controls where one is not. With two of the flaws still unpatched, attackers have a critical window of opportunity, so defenders should watch closely for any unusual activity or signs of compromise.
