CISA has mandated that U.S. federal agencies patch CVE-2026-33825, a Microsoft Defender privilege escalation flaw dubbed BlueHammer, within two weeks (by May 7). The vulnerability allows a low-privileged local attacker to gain SYSTEM permissions. It was publicly disclosed as a zero-day by the researcher 'Chaotic Eclipse' after a dispute with the Microsoft Security Response Center, and Microsoft fixed it in the April 14 Patch Tuesday release. Huntress Labs confirmed active exploitation, with evidence of hands-on threat actor activity linked to suspicious FortiGate SSL VPN access and a Russian-geolocated source IP. Two additional related flaws (RedSun and UnDefend) were disclosed by the same researcher.

3 min read. From bleepingcomputer.com