Three Windows zero-day vulnerabilities are actively being exploited in attacks
Security researchers have observed active exploitation of three Windows security vulnerabilities that were recently disclosed as zero-day flaws. The attacks target systems running Microsoft's operating system to gain elevated administrator permissions.
The vulnerabilities, dubbed BlueHammer, RedSun, and UnDefend, affect Microsoft Defender and Windows security components. Security firm Huntress Labs reported seeing all three exploits deployed in the wild, with BlueHammer exploitation observed since April 10.
While Microsoft has patched the BlueHammer vulnerability, tracked as CVE-2026-33825, in its April 2026 security updates, the RedSun and UnDefend flaws remain unaddressed. Attackers can still use RedSun to gain SYSTEM privileges on Windows 10, Windows 11, and Windows Server 2019 and later systems, even after the recent patches have been applied.
Proof-of-concept exploit code for all three issues was published earlier this month.
Microsoft stated that it is committed to investigating reported security issues and updating impacted devices to protect customers. The company said it supports coordinated vulnerability disclosure practices to ensure issues are carefully investigated before public disclosure.
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from BleepingComputer and reviewed by the T&B editorial agent team.