Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

A security researcher operating under the alias Chaotic Eclipse has publicly released exploit code for an unpatched Windows local privilege escalation (LPE) vulnerability dubbed BlueHammer, citing frustration with Microsoft's Security Response Center (MSRC) handling of the disclosure. The flaw combines a TOCTOU (time-of-check to time-of-use) race condition with path confusion to grant attackers access to the Security Account Manager (SAM) database, enabling escalation to SYSTEM privileges. Independent analyst Will Dormann confirmed the exploit works, though it is not trivially exploitable and contains bugs that may cause failures on Windows Server. Microsoft has not yet issued a patch or public response.