好的,我现在需要帮用户总结一篇文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住关键点。 文章主要讲的是三个Windows的安全漏洞被利用,攻击者试图获取系统权限。漏洞包括BlueHammer、RedSun和UnDefend,其中前两个是本地权限提升问题,第三个可以阻止微软 Defender 更新。安全研究员Chaotic Eclipse发布了概念验证代码,抗议微软的处理方式。 微软已经修复了BlueHammer,但另外两个漏洞尚未修补。攻击者利用这些漏洞获取SYSTEM权限,并且在野中被使用。微软表示他们会尽快修复问题。 现在我需要把这些信息浓缩到100字以内。重点包括:三个漏洞、攻击目标、研究员的行动、漏洞的影响以及微软的回应。 确保语言简洁明了,避免使用复杂的术语。可能的结构是:三个漏洞被利用,攻击目标权限提升;研究员抗议发布代码;其中两个未修复;微软正在处理中。 最后检查字数是否符合要求,并确保信息准确无误。 </think> 三个Windows安全漏洞被用于攻击以获取系统或管理员权限。安全研究员Chaotic Eclipse因抗议微软处理流程而发布概念验证代码。其中两个漏洞(BlueHammer和RedSun)为本地权限提升问题,第三个(UnDefend)可阻止微软 Defender 更新。目前BlueHammer已修复,另两个仍无补丁。 2026-4-17 06:16:41 Author: www.bleepingcomputer.com(查看原文) 阅读量:16 收藏
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions.
Since the start of the month, a security researcher known as "Chaotic Eclipse" or "Nightmare-Eclipse" has published proof-of-concept exploit code for all three security issues in protest to how Microsoft's Security Response Center (MSRC) handled the disclosure process.
Two of the vulnerabilities (dubbed BlueHammer and RedSun) are Microsoft Defender local privilege escalation (LPE) flaws, while the third (known as UnDefend) can be exploited as a standard user to block Microsoft Defender definition updates.
At the time of the leak, the security flaws these exploits targeted were considered zero-days by Microsoft's definition, since they had no official patches or updates to address them.
On Thursday, Huntress Labs security researchers reported seeing all three zero-day exploits deployed in the wild, with the BlueHammer vulnerability being exploited since April 10.
They also spotted UnDefend and RedSun exploits on a Windows device that was breached using a compromised SSLVPN user, in attacks showing evidence of "hands-on-keyboard threat actor activity."
"The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques," the researchers said.
Two zero-days still waiting for a patch
While Microsoft is now tracking the BlueHammer vulnerability as CVE-2026-33825 and has patched it in the April 2026 security updates, the other two flaws remain unaddressed.
As BleepingComputer previously reported, attackers can use the RedSun exploit to gain SYSTEM privileges on Windows 10, Windows 11, and Windows Server 2019 and later systems when Windows Defender is enabled, even after applying the April Patch Tuesday patches.
"When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that's supposed to protect decides that it is a good idea to just rewrite the file it found again to it's original location," the researcher explained. "The PoC abuses this behaviour to overwrite system files and gain administrative privileges."
"Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible," a Microsoft spokesperson told BleepingComputer earlier this week when contacted for more information on the disclosure issues reported by the anonymous researcher.
"We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community."
99% of What Mythos Found Is Still Unpatched.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop.
如有侵权请联系:admin#unsafe.sh