
Hackers have begun exploiting multiple Windows vulnerabilities after a security researcher publicly released working exploit code, with cybersecurity analysts confirming at least one organization has already been compromised.
Huntress Identifies Active Exploitation Of Three Flaws
Huntress reported that attackers are using three vulnerabilities—BlueHammer, UnDefend, and RedSun—to gain unauthorized access to systems.
Researchers said the attacks rely on publicly available exploit code, though the identity of the attackers and the targeted organization remains unclear.
Only One Vulnerability Patched So Far
Of the three flaws, only BlueHammer has received a patch from Microsoft, which released a fix earlier in the week. The remaining vulnerabilities, UnDefend and RedSun, are still unpatched.
All three issues affect Windows Defender, Microsoft’s antivirus system, and can allow attackers to gain high-level or administrator access to affected machines.
Researcher Published Exploit Code Following Dispute
A researcher operating under the name Chaotic Eclipse published exploit code for the vulnerabilities on a personal blog and GitHub repository over the past two weeks.
The researcher indicated that the disclosure followed a dispute with Microsoft, referencing the company’s Microsoft Security Response Center in public posts.
Initial code for BlueHammer was released earlier in the month, followed by UnDefend and RedSun in subsequent days.
Full Disclosure Accelerates Risk Of Real-World Attacks
The incident reflects a practice known as “full disclosure,” where vulnerability details—and sometimes working exploit code—are released publicly before fixes are available.
While coordinated disclosure typically allows vendors time to address issues before publication, breakdowns in that process can lead to immediate risk, as attackers gain access to ready-made tools.
Defenders Race To Respond To Public Exploits
John Hammond said the availability of exploit code creates urgency for defenders, who must respond quickly to prevent misuse.
He noted that such scenarios create a “tug-of-war” dynamic, where defenders attempt to mitigate threats while attackers rapidly adopt newly released tools.
Microsoft stated that it supports coordinated vulnerability disclosure practices, which aim to balance transparency with user protection.
