Hackers Exploit Unpatched Vulnerabilities in Windows Defender
A security researcher released details and exploit code for three vulnerabilities in Windows Defender. Hackers are now using this code in attacks on organizations, according to a cybersecurity firm. Microsoft stated it supports coordinated vulnerability disclosure.
Substrate placeholder — needs reviewHackers are exploiting three unpatched security vulnerabilities in Windows Defender to target organizations, TechCrunch reported. The vulnerabilities allow attackers to gain high-level or administrator access to affected Windows computers.
Disclosed A security researcher known as Chaotic Eclipse published details of the vulnerabilities and exploit code on their blog and GitHub page.
Earlier this month, Chaotic Eclipse released code for an unpatched vulnerability in Windows. Days later, the researcher published UnDefend, followed by RedSun earlier this week. ” The researcher also wrote, “Huge thanks to MSRC leadership for making this possible,” referring to Microsoft’s Security Response Center.
Response Microsoft’s communications director Ben Hope stated that the company supports coordinated vulnerability disclosure, which involves investigating and addressing issues before public release.
A cybersecurity firm reported that hackers are using the published exploit code in real-world attacks. John Hammond, a researcher at Huntress, stated that the availability of the code creates a race between defenders and cybercriminals. Hammond added that defenders must protect against actors who rapidly adopt these exploits as ready-made tools.
Transparency
The rewrite presents the vulnerabilities and responses in a neutral, factual manner without inherited slanted framing from sources.
The researcher's full disclosure accelerates Microsoft's patching process and empowers the security community to strengthen defenses proactively.
Reported by a single outlet. This score reflects source tier and factual specificity — corroboration is limited with one source.
Sources framed at 22 → our rewrite 0. We stripped 22 points of framing the sources carried in.
Story details
Related Stories
abcnews.go.comTrump Signs Executive Order Prioritizing AI for Cybersecurity Innovation
President Donald J. Trump signed an executive order on June 2 directing federal agencies to accelerate artificial intelligence development for protecting critical infrastructure. The order reverses earlier emphasis on slower deployment and risk reviews.
The HillTrump administration proposes expanding 401(k) alternative asset options; Democrats urge withdrawal
Top Democratic lawmakers sent a letter Monday asking the Department of Labor to drop a rule that would allow cryptocurrency, private equity and private credit in retirement plans. They said the change would expose an estimated $14.2 trillion in savings to greater risk and higher…
The VergeMicrosoft Launches Scout, an Always-On AI Agent Built on OpenClaw, at Build Conference
Microsoft introduced Scout, an always-on AI assistant built on the OpenClaw framework, at its annual Build developer conference. The agent integrates with Microsoft 365 tools and requires a GitHub Copilot subscription.