Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three zero-days in Microsoft Defender are actively exploited — BlueHammer is patched, but RedSun and UnDefend remain open. Here’s what you need to know.


What’s new: Three zero-day vulnerabilities in Microsoft Defender, codenamed BlueHammer, RedSun, and UnDefend, are being actively exploited. BlueHammer has been patched (CVE-2026-33825), but RedSun and UnDefend remain unpatched as of now. Exploitation of these flaws allows threat actors to gain elevated privileges and trigger denial-of-service conditions.

Who’s affected

Organizations running Microsoft Defender may be at risk: those that have not applied the latest patches remain exposed to BlueHammer, and every deployment remains exposed to the two still-unpatched flaws, RedSun and UnDefend.

What to do

  • Apply the latest Microsoft Defender updates to mitigate the BlueHammer vulnerability.
  • Monitor for signs of exploitation related to RedSun and UnDefend, as they are still unpatched.
  • Implement network segmentation and isolation measures to limit potential post-exploitation activity.

Sources