# Three Microsoft Defender zero-days actively exploited, two remain unpatched

_Friday, April 17, 2026 at 12:08 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Three Microsoft Defender zero-days actively exploited, two remain unpatched — Primary](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJ8x3Yg0CYomOu1IpHfhfmiqJtgaMSnnoE2tJR6RdXGIy1rLRTORge-ukCLYkEj6xzeGTvmuy-68qfU4me_nG7pvwZi21h7ycQFwY3OXCH1_p_g35BAYeaHdz3uRKJD2mQCjUIcxha2WzMePpup2VHarxZVxy3QNtaRAjET-2FK7GemiuvyI8MpNPFVyEQ/s1700-e365/defender.jpg)

Cybersecurity firm Huntress reports active exploitation of three zero-day vulnerabilities in Microsoft Defender, with threat actors leveraging the flaws to gain elevated system privileges.

The vulnerabilities, codenamed BlueHammer, RedSun, and UnDefend, were publicly disclosed by researcher Chaotic Eclipse following disputes with Microsoft's vulnerability disclosure process. BlueHammer and RedSun enable local privilege escalation within Microsoft Defender, while UnDefend can trigger denial-of-service conditions that block security definition updates.

Microsoft addressed BlueHammer, tracked as CVE-2026-33825, in recent Patch Tuesday updates. However, RedSun and UnDefend remain unpatched at publication time.

Huntress observed in-the-wild exploitation beginning with BlueHammer on April 10, followed on April 16 by attackers deploying the published RedSun and UnDefend proof-of-concept code. The vendor noted follow-on attacker activity including enumeration commands such as `whoami /priv`, `cmdkey /list`, and `net group`, indicating hands-on-keyboard operations rather than automated attacks.
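The discovery-command cluster Huntress describes is a useful post-exploitation signal regardless of which Defender flaw delivered the privileges. The following is an added example, not code from Huntress, Microsoft or the original article: it correlates process-creation events per host and user and alerts when several distinct discovery commands land inside a short window. The event records are constructed, the field names loosely follow Windows Security event 4688, and the regexes and thresholds are assumptions to tune per estate.

```python
"""Added example: flag hands-on-keyboard discovery clusters in process-creation
telemetry.  Not code from Huntress or Microsoft.  Sample events below are
constructed; field names are an assumption modelled loosely on event 4688."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery commands worth correlating (assumed patterns, tune per estate).
DISCOVERY_PATTERNS = [
    ("whoami_priv",    re.compile(r"\bwhoami(\.exe)?\b.*\s/priv\b", re.I)),
    ("cmdkey_list",    re.compile(r"\bcmdkey(\.exe)?\b.*\s/list\b", re.I)),
    ("net_group",      re.compile(r"\bnet1?(\.exe)?\s+group\b", re.I)),
    ("net_localgroup", re.compile(r"\bnet1?(\.exe)?\s+localgroup\b", re.I)),
    ("systeminfo",     re.compile(r"\bsysteminfo(\.exe)?\b", re.I)),
]

# Constructed sample telemetry (not real data).
SAMPLE_EVENTS = [
    {"time": "2026-04-16T09:00:30", "host": "WS01", "user": "CORP\\alice",
     "cmd": "notepad.exe C:\\Users\\alice\\notes.txt"},          # benign
    {"time": "2026-04-16T09:01:02", "host": "WS01", "user": "CORP\\alice",
     "cmd": "whoami  /priv"},
    {"time": "2026-04-16T09:01:40", "host": "WS01", "user": "CORP\\alice",
     "cmd": "cmdkey /list"},
    {"time": "2026-04-16T09:03:15", "host": "WS01", "user": "CORP\\alice",
     "cmd": "net group \"Domain Admins\" /domain"},
    {"time": "2026-04-16T02:00:00", "host": "SRV01", "user": "NT AUTHORITY\\SYSTEM",
     "cmd": "systeminfo.exe"},                                   # nightly inventory
    {"time": "2026-04-16T14:00:00", "host": "SRV01", "user": "NT AUTHORITY\\SYSTEM",
     "cmd": "whoami /priv"},                                     # isolated, hours later
    {"time": "2026-04-16T10:15:00", "host": "WS02", "user": "CORP\\bob",
     "cmd": "whoami"},                                           # no /priv: not counted
]


def classify(cmdline):
    """Return the set of discovery labels that match one command line."""
    return {label for label, rx in DISCOVERY_PATTERNS if rx.search(cmdline)}


def find_discovery_clusters(events, window=timedelta(minutes=10), min_distinct=3):
    """Group discovery hits per (host, user), then slide a window over each
    session and alert once when >= min_distinct distinct commands fall inside
    it.  Two lone commands hours apart on SRV01 therefore do not fire, while
    the three different commands inside two minutes on WS01 do."""
    sessions = defaultdict(list)
    for ev in events:
        labels = classify(ev["cmd"])
        if labels:
            sessions[(ev["host"], ev["user"])].append(
                (datetime.fromisoformat(ev["time"]), labels, ev["cmd"]))

    alerts = []
    for (host, user), hits in sessions.items():
        hits.sort(key=lambda h: h[0])
        for i, (t0, _, _) in enumerate(hits):
            in_window = [h for h in hits[i:] if h[0] - t0 <= window]
            seen = set().union(*(h[1] for h in in_window))
            if len(seen) >= min_distinct:
                alerts.append({
                    "host": host, "user": user,
                    "first": t0, "last": in_window[-1][0],
                    "count": len(in_window),
                    "commands": sorted(seen),
                    "cmdlines": [h[2] for h in in_window],
                })
                break  # one alert per session is enough to page on
    return alerts


if __name__ == "__main__":
    for a in find_discovery_clusters(SAMPLE_EVENTS):
        print(f"[ALERT] {a['host']} {a['user']} {a['first']}..{a['last']} "
              f"{a['count']} discovery commands: {', '.join(a['commands'])}")
```

The point of requiring distinct commands rather than raw volume is that a scheduled inventory script repeating one command never crosses the threshold, whereas an operator working a shell varies the commands and does so within minutes; the same shape works over Sysmon event 1 or EDR process telemetry once the field names are mapped.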

Huntress says it has isolated affected customer systems to contain the post-exploitation activity. Microsoft has not yet commented on the ongoing exploitation or on a patching timeline for the two remaining vulnerabilities.

These Defender flaws join a growing list of security issues affecting Microsoft products, highlighting challenges in enterprise endpoint protection maintenance and timely vulnerability response.

## Sources

- [The Hacker News](https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html)

---
Canonical: https://techandbusiness.org/newswire/6IFqLXQK07mFWbhNIESuVC
Retrieved: 2026-04-19T03:07:52.993Z
Publisher: Tech & Business (techandbusiness.org)
