Hackers are exploiting newly disclosed Windows flaws before Microsoft patches all of them

Hackers are moving fast on Windows flaws
Hackers have broken into at least one organization by exploiting recently disclosed Windows security vulnerabilities, some of which remain unpatched, according to cybersecurity firm Huntress.
In posts on X on Friday, Huntress said its researchers had observed attackers using three flaws it dubbed BlueHammer, UnDefend and RedSun. The company said it was unclear who was behind the attacks or which organization was targeted.
Microsoft has patched only one of the three bugs so far. A fix for BlueHammer was released earlier this week, but the other two vulnerabilities remain unpatched, leaving a window for attackers to continue using them.
Researcher-published exploit code appears to be in use
Huntress said the attacks appear to rely on exploit code published online earlier this month by a researcher who goes by Chaotic Eclipse. The researcher posted code on their blog for what they described as an unpatched Windows vulnerability, later followed by separate posts for UnDefend and RedSun.
In the posts, Chaotic Eclipse suggested a dispute with Microsoft was part of the motivation for making the code public. “I was not bluffing Microsoft and I’m doing it again,” the researcher wrote, adding, “Huge thanks to MSRC leadership for making this possible,” a reference to Microsoft’s Security Response Center.
The researcher later published code for all three vulnerabilities on GitHub.
Windows Defender is the target
All three flaws affect Microsoft's Windows Defender antivirus software, according to the research. Huntress said the vulnerabilities can let an attacker on an affected Windows machine elevate their privileges to a high-level or administrator account.
The company's disclosure underscores the risk when proof-of-concept exploit code is released before vendors have finished patching related flaws. With two of the three bugs still unpatched, organizations running affected systems may remain exposed while attackers continue to probe for vulnerable targets.
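A defender reading this will want to know which Defender build each host is running, whether the antimalware service and real-time protection are actually on, and whether the platform version is at or above the build Microsoft ships the fix in. The script below is an added example for that triage and is not code from Huntress, Chaotic Eclipse or the article; it uses only the stock Defender PowerShell module. The minimum version it compares against is a placeholder, because the article does not name the fixed build; replace it with the value from Microsoft's advisory.

```powershell
# Added example (not from the article): report a host's Defender platform,
# engine and signature versions plus protection state, and flag hosts whose
# platform build is below an operator-supplied minimum.
#
# ASSUMPTION: $MinimumPlatformVersion is a placeholder. The article gives no
# fixed build number; take the real value from Microsoft's advisory.

function Get-DefenderPatchState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [version]$MinimumPlatformVersion
    )

    # Get-MpComputerStatus is part of the built-in Defender module on
    # supported Windows versions; it fails on hosts without Defender.
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        return [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Error        = "Get-MpComputerStatus failed: $($_.Exception.Message)"
        }
    }

    # AMProductVersion is the Defender *platform* build (the component that
    # receives platform updates); AMEngineVersion is the scan engine.
    $platform = [version]$status.AMProductVersion
    $engine   = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        PlatformVersion          = $platform
        EngineVersion            = $engine
        SignatureVersion         = $status.AntivirusSignatureVersion
        SignatureLastUpdated     = $status.AntivirusSignatureLastUpdated
        AMServiceEnabled         = $status.AMServiceEnabled
        RealTimeProtectionOn     = $status.RealTimeProtectionEnabled
        TamperProtected          = $status.IsTamperProtected
        # Below the operator-supplied minimum => treat as unpatched.
        PlatformBelowMinimum     = ($platform -lt $MinimumPlatformVersion)
        # Defender being off is itself a finding worth triaging.
        ProtectionDisabled       = (-not $status.AMServiceEnabled -or
                                    -not $status.RealTimeProtectionEnabled)
    }
}

# Placeholder threshold: replace with the fixed platform build from the
# Microsoft advisory before running this across a fleet.
$MinimumPlatformVersion = [version]'0.0.0.0'

$result = Get-DefenderPatchState -MinimumPlatformVersion $MinimumPlatformVersion
$result | Format-List

if ($result.PlatformBelowMinimum -or $result.ProtectionDisabled) {
    Write-Warning "Host $($result.ComputerName) needs attention: " +
                  "below-minimum platform or protection disabled."
}
```

Run it in an elevated session on a single host first, then push it through your usual remoting or endpoint-management channel and collect the objects centrally; the `PlatformBelowMinimum` and `ProtectionDisabled` booleans are the fields to pivot on. Note that the platform version can lag even on hosts that receive monthly cumulative updates, since Defender platform updates ship through Windows Update separately from the OS patch.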