Second Defender-based LPE in days
The Defender flaw addressed earlier this week as part of Patch Tuesday was one of two zero-day bugs Microsoft fixed, and it also allowed local privilege escalation stemming from “inadequate granularity of access control.”
While Microsoft attributed the discovery of the flaw, tracked as CVE-2026-33825, to security researcher Zen Dodd, the flaw already had a PoC exploit, “BlueHammer,” available before it was even fixed. It came from “Chaotic Eclipse,” an alias used by Nightmare Eclipse on other publishing platforms. The flaw received a high-severity score of 7.8 out of 10.
Eclipse has some disagreements with how Microsoft handled the disclosure of CVE-2026-33825. While it’s unknown whether “RedSun” was reported to Microsoft before disclosure, the PoC still sits unaddressed.
Microsoft didn’t immediately respond to CSO’s requests for comment. Dormann confirmed that the exploit is being detected on VirusTotal, but the detection relies heavily on a test file signature (EICAR), which could be dealt with to some extent with string encryption. “Defender (Microsoft) at the moment doesn’t detect the exploit in either case,” he noted.



