Latest Microsoft Defender Flaw Exploited by Hackers as Zero-Day Vulnerability


Microsoft Privilege Escalation Vulnerability Exploited as Zero-Day

A recently discovered vulnerability in Microsoft’s Defender software has been exploited as a zero-day attack, allowing attackers to gain System privileges. On April 14, Microsoft released a patch for the flaw, identified as CVE-2026-33825, but not before it was publicly disclosed on April 2 by a researcher known as Chaotic Eclipse.

Exploit Techniques

  • BlueHammer: A time-of-check to time-of-use (TOCTOU) vulnerability in the signature update mechanism, allowing attackers to suspend Defender’s operation and trick it into copying the Security Account Manager (SAM) database to its output directory.
  • RedSun: Rewriting critical system files to achieve System privileges.
  • UnDefend: Killing Defender by locking definition files.

According to Huntress, the first attacks leveraging the publicly available proof-of-concept (PoC) exploit code were detected on April 10, with additional activity observed on April 16.

The attackers accessed the target environment through an SSL VPN connection to a FortiGate firewall and staged binaries from a low-privilege user’s Pictures folder. However, they were unsuccessful in exploiting the vulnerability due to their lack of familiarity with how the Defender exploits worked.

Action Taken

  • The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-33825 to its Known Exploited Vulnerabilities (KEV) catalog on April 26, urging federal agencies to patch the vulnerability by May 6.

Microsoft released a patch for the vulnerability on April 14, addressing the issue and preventing further exploitation.
