Hackers Exploit Unpatched Vulnerabilities in Windows Defender
A security researcher released details and exploit code for three vulnerabilities in Windows Defender. Hackers are now using this code in attacks on organizations, according to a cybersecurity firm. Microsoft stated it supports coordinated vulnerability disclosure.
app.buzzsumo.comHackers are exploiting three unpatched security vulnerabilities in Windows Defender to target organizations, TechCrunch reported. The vulnerabilities allow attackers to gain high-level or administrator access to affected Windows computers.
Vulnerabilities
Disclosed A security researcher known as Chaotic Eclipse published details of the vulnerabilities and exploit code on their blog and GitHub page.
Earlier this month, Chaotic Eclipse released code for an unpatched vulnerability in Windows. Days later, the researcher published UnDefend, followed by RedSun earlier this week. ” The researcher also wrote, “Huge thanks to MSRC leadership for making this possible,” referring to Microsoft’s Security Response Center.
Industry
Response Microsoft’s communications director Ben Hope stated that the company supports coordinated vulnerability disclosure, which involves investigating and addressing issues before public release.
A cybersecurity firm reported that hackers are using the published exploit code in real-world attacks. John Hammond, a researcher at Huntress, stated that the availability of the code creates a race between defenders and cybercriminals. Hammond added that defenders must protect against actors who rapidly adopt these exploits as ready-made tools.
Story Timeline
4 events- Earlier this week
Chaotic Eclipse published RedSun, including exploit code for a Windows Defender vulnerability.
1 sourceTechCrunch - Days earlier
Chaotic Eclipse published UnDefend with exploit code for Windows Defender vulnerabilities.
1 sourceTechCrunch - Earlier this month
Chaotic Eclipse published initial exploit code for an unpatched Windows vulnerability on their blog.
1 sourceTechCrunch - Recent days
Hackers began exploiting the published vulnerabilities in real-world attacks, according to a cybersecurity firm.
1 sourceTechCrunch
Potential Impact
- 01
Organizations using Windows Defender may face increased risk of unauthorized access to systems.
- 02
Cybersecurity teams could accelerate patching efforts in response to active exploits.
- 03
Microsoft may prioritize fixes for the disclosed vulnerabilities following public release.
- 04
Researchers might face scrutiny over full disclosure practices in similar cases.
Transparency Panel
Related Stories
AxiosWorld Announces Integrations with Zoom, DocuSign and Others for Iris-Scanning Identity Tool
A company co-founded by OpenAI's Sam Altman unveiled expanded integrations for its World ID protocol with platforms including Zoom, Tinder and Shopify. The firm, known for iris-scanning orbs, upgraded its identity tool and plans to open-source it for broader app authentication. A…
2 sourcesWhite House Announces NASA Plan for Nuclear Reactors on Moon and in Orbit
The White House has directed NASA to collaborate with the Departments of Defense and Energy on developing nuclear reactors for the moon's surface and orbit. The initiative aims to provide sustained power for future space missions. Technologies are targeted to produce at least 20…
forbes.comWaymo Opens Public Robotaxi Rides in Miami and Orlando, Introduces Teen Accounts in Phoenix
Waymo announced that fully autonomous robotaxi rides are now available to the general public in Miami and Orlando. The company also introduced highway travel in Miami and accounts for teens ages 14 to 17 in Phoenix. These services began on April 15, 2026.