CISA: Windows BlueHammer flaw now exploited by ransomware gangs
Summary
CISA has confirmed that ransomware gangs are actively exploiting the BlueHammer vulnerability in Microsoft Defender. This privilege escalation flaw was previously used in zero-day attacks, indicating a growing trend of its weaponization by threat actors.
IFF Assessment
The active exploitation of a privilege escalation vulnerability by ransomware gangs is bad news for defenders: once an attacker has an initial foothold, the flaw lets them gain elevated access and, from there, disable protections and deploy ransomware.
Severity
The vulnerability allows privilege escalation, which on its own is a critical impact. Its exploitation in the wild, including by ransomware gangs, indicates a high degree of exploitability and a significant risk to affected systems.
Defender Context
Defenders need to prioritize patching this vulnerability and ensure their Microsoft Defender instances are up to date to mitigate the risk of exploitation by ransomware. Monitoring for indicators of compromise associated with exploitation of this vulnerability is also crucial.
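As an added example (not part of the original summary, and not Microsoft's or CISA's own tooling), the PowerShell below inventories the local Microsoft Defender platform, engine and signature versions with the real `Get-MpComputerStatus` cmdlet and compares the platform version against a fixed build. The summary above does not state which Defender build carries the fix, so `$FixedPlatformVersion` is an explicit placeholder that must be replaced with the build named in the vendor advisory; the `Update-MpSignature` call and the property names used are standard parts of the Defender module.

```powershell
# Added example: check whether this host's Microsoft Defender platform is at or
# above the fixed build for the BlueHammer flaw and report the versions that
# matter for triage. Run in an elevated PowerShell session on the endpoint.

# PLACEHOLDER: the page does not give the fixed build. Replace this with the
# platform version listed in the vendor advisory before using the check.
$FixedPlatformVersion = [version]'0.0.0.0'

$status = Get-MpComputerStatus

# Collect the fields an analyst wants when confirming patch state on a fleet.
$report = [pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    PlatformVersion     = $status.AMProductVersion          # Defender platform (updated via Windows Update)
    EngineVersion       = $status.AMEngineVersion           # scan engine
    SignatureVersion    = $status.AntivirusSignatureVersion # security intelligence
    SignatureLastUpdate = $status.AntivirusSignatureLastUpdated
    RealTimeProtection  = $status.RealTimeProtectionEnabled
    RunningMode         = $status.AMRunningMode             # e.g. Normal, Passive, EDR Block
}
$report | Format-List

# Compare as [version] objects, not strings, so 4.18.10 sorts after 4.18.9.
if ($FixedPlatformVersion -eq [version]'0.0.0.0') {
    Write-Warning 'FixedPlatformVersion is still the placeholder; set it from the advisory before trusting this check.'
}
elseif ([version]$status.AMProductVersion -lt $FixedPlatformVersion) {
    Write-Warning "Defender platform $($status.AMProductVersion) is below the fixed build $FixedPlatformVersion."
    # Pull the latest engine and security intelligence from the configured update source.
    Update-MpSignature
}
else {
    Write-Host "Defender platform $($status.AMProductVersion) is at or above the fixed build."
}
```

The platform version (`AMProductVersion`) is the one to watch for a flaw in Defender itself, since engine and signature updates can succeed while the platform stays on an old build; the `AMRunningMode` field is worth capturing too, because a host running Defender in passive mode under a third-party AV still carries the vulnerable component.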