🚨 Heads up: Two of the three zero-days disclosed below have no available patch as of April 24, 2026. If your organization runs Windows with Microsoft Defender enabled — that is essentially every Windows machine — compensating controls must be implemented now, not after the next Patch Tuesday on May 13.
In the span of just 13 days between April 3 and April 16, 2026, a disgruntled security researcher operating under the pseudonym Chaotic Eclipse (also known as Nightmare-Eclipse) publicly dropped three working exploit tools targeting Microsoft Defender — the antivirus software running by default on virtually every Windows computer on the planet. All three have been confirmed as actively exploited in real-world attacks by endpoint security firm Huntress Labs. The story behind these disclosures is as alarming as the exploits themselves: a breakdown in the standard vulnerability disclosure process turned into a major security crisis for billions of users worldwide.
Meet the Three Exploits
Each of the three vulnerabilities targets a different component of Microsoft Defender’s internal mechanisms, yet they compose into a single, devastatingly effective attack chain. Here’s a breakdown of each:

How Did This Happen? The Disclosure Breakdown
The root cause of this crisis is a failed disclosure attempt. According to Chaotic Eclipse, the researcher submitted the BlueHammer vulnerability to Microsoft’s Security Response Center (MSRC) through the standard responsible disclosure process. However, Microsoft reportedly demanded a video demonstration before the report would even receive initial triage — an unusual requirement not listed in Microsoft’s official disclosure guidelines.
The researcher declined this demand. Microsoft allegedly dismissed the report. Frustrated, Chaotic Eclipse went public on April 3 with a working proof-of-concept on GitHub, along with a pointed message: “I was not bluffing Microsoft, and I’m doing it again.” Twelve days later, two more exploits followed. Microsoft’s later public statement emphasized support for “coordinated vulnerability disclosure” — pointedly sidestepping the question of why coordination broke down in the first place.
“An attacker uses BlueHammer or RedSun to achieve SYSTEM, then deploys UnDefend to ensure the endpoint protection layer becomes progressively less capable of catching follow-on activity. It is a layered degradation strategy, not a one-shot exploit.” — Vectra AI Security Research
BlueHammer — The First Strike
BlueHammer exploits a time-of-check to time-of-use (TOCTOU) race condition in Microsoft Defender’s threat remediation engine. When Defender detects and attempts to quarantine a malicious file, the exploit uses a technique called a batch opportunistic lock (oplock) to pause Defender’s file operation mid-execution. During this pause, the attacker substitutes an NTFS junction point — a filesystem trick that redirects Defender’s write operation from a temporary directory to C:\Windows\System32. Defender, believing it is simply cleaning up a threat, ends up writing the attacker’s payload with full SYSTEM-level privileges.
CVE-2026-33825, CVSS score 7.8 (High)
- Disclosed: April 3, 2026 — published without prior patch
- First exploited in the wild: April 10, 2026 (confirmed by Huntress)
- Patched: April 14, 2026 via Patch Tuesday (CVE-2026-33825)
- CISA KEV Catalog: Added April 22; federal agencies must patch by May 6
- Technique: TOCTOU race condition + NTFS junction point redirect
This represents only 11 days of exposure between public disclosure and the patch — but those 11 days were enough for real threat actors to weaponize it against live targets. Huntress observed manual, hands-on-keyboard attacker activity using BlueHammer, running standard enumeration commands like whoami /priv, cmdkey /list, and net group — the hallmarks of a skilled human operator, not an automated script.
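The enumeration triplet Huntress reported (whoami /priv, cmdkey /list, net group) is easy to correlate once process-creation telemetry is centralized. The following Python is an added example, not code from the article or from Huntress: it runs a per-host sliding-window correlation over process-creation records and raises one alert when all three indicators appear on the same host within a short window. The event records, field names (host, time, user, cmdline, modelled on what a SIEM exports from Windows Security event 4688) and the 10-minute window are constructed assumptions.

```python
"""Correlate the post-BlueHammer enumeration sequence per host.

Added example (not the article's or Huntress's code). The events below are
constructed; real input would be process-creation telemetry (e.g. Security
event 4688 with command-line auditing enabled) exported to a SIEM.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Indicators named in the article, matched against a normalized command line.
INDICATORS = {
    "whoami_priv": re.compile(r"\bwhoami(\.exe)?\s+/priv\b"),
    "cmdkey_list": re.compile(r"\bcmdkey(\.exe)?\s+/list\b"),
    "net_group":   re.compile(r"\bnet1?(\.exe)?\s+group\b"),
}
WINDOW = timedelta(minutes=10)   # assumption: what "a short window" means here
MIN_DISTINCT = 3                 # alert only when all three indicators co-occur

# Constructed sample telemetry: one host shows the full sequence, one shows
# two unrelated hits hours apart, plus unrelated noise.
SAMPLE_EVENTS = [
    {"host": "WS-0142", "time": "2026-04-10T13:00:00", "user": "corp\\jdoe",
     "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"host": "WS-0142", "time": "2026-04-10T13:02:11", "user": "corp\\jdoe",
     "cmdline": "whoami /priv"},
    {"host": "WS-0142", "time": "2026-04-10T13:02:40", "user": "corp\\jdoe",
     "cmdline": "cmdkey /list"},
    {"host": "WS-0142", "time": "2026-04-10T13:03:05", "user": "corp\\jdoe",
     "cmdline": 'net group "Domain Admins" /domain'},
    {"host": "WS-0007", "time": "2026-04-10T09:15:00", "user": "corp\\helpdesk",
     "cmdline": "whoami /priv"},
    {"host": "WS-0007", "time": "2026-04-10T16:40:00", "user": "corp\\helpdesk",
     "cmdline": "net group /domain"},
]


def normalize(cmdline):
    """Lower-case and collapse whitespace so 'WHOAMI   /PRIV' still matches."""
    return re.sub(r"\s+", " ", cmdline.strip().lower())


def classify(cmdline):
    """Return the indicator name a command line matches, or None."""
    norm = normalize(cmdline)
    for name, pattern in INDICATORS.items():
        if pattern.search(norm):
            return name
    return None


def correlate(events, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Sliding-window correlation per host.

    Returns one alert per host whose indicator hits, within `window`, cover at
    least `min_distinct` distinct indicators. The alert carries the matching
    commands in time order so an analyst sees the actual sequence.
    """
    per_host = defaultdict(list)
    for ev in events:
        name = classify(ev["cmdline"])
        if name:
            per_host[ev["host"]].append(
                (datetime.fromisoformat(ev["time"]), name, ev["user"], ev["cmdline"]))

    alerts = []
    for host, hits in per_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Advance the left edge until the window spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            window_hits = hits[start:end + 1]
            distinct = {h[1] for h in window_hits}
            if len(distinct) >= min_distinct:
                alerts.append({
                    "host": host,
                    "user": window_hits[-1][2],
                    "first": window_hits[0][0].isoformat(),
                    "last": window_hits[-1][0].isoformat(),
                    "indicators": sorted(distinct),
                    "commands": [h[3] for h in window_hits],
                })
                break  # one alert per host is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The regexes deliberately match on the normalized command line rather than the exact strings, since `net1.exe group` or extra whitespace would otherwise slip past; the window and the three-of-three threshold are tuning knobs, and a two-of-three rule with a longer window trades noise for earlier warning.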
RedSun — Still Wide Open
RedSun is the second privilege escalation exploit in the trilogy, but it takes a different path through Defender’s internals. This one abuses Microsoft Defender’s cloud file rollback mechanism — a feature designed to restore files flagged as malicious back to their original location. The problem: Defender performs this restoration without validating where the target path actually points.
The attack works by first triggering a Defender detection with a crafted file, then replacing it with a cloud placeholder via the Windows Cloud Files API. As Defender begins its rollback process, the exploit uses the same oplock and NTFS junction combination to redirect the privileged write operation to C:\Windows\System32\TieringEngineService.exe — overwriting a legitimate system binary with an attacker-controlled one. A Windows COM object is then invoked to execute the binary as SYSTEM.
- Disclosed: April 16, 2026 alongside UnDefend
- Status: No CVE assigned. No patch. No public timeline from Microsoft.
- Confirmed working on fully patched Windows 10, 11, and Server 2016–2025
- Reliability: Near 100% on supported Windows versions, per researchers
- Technique: Cloud Files API abuse + NTFS junction redirect to System32
Important: RedSun remains effective even on systems that have applied all available April 2026 Patch Tuesday updates. Patching BlueHammer does not close this vector. Organizations should not assume patch compliance equals protection.
UnDefend — Blinding the Guard Dog
If BlueHammer and RedSun are the battering rams, UnDefend is the power outage that comes before the breach. Rather than escalating privileges, UnDefend targets Defender’s update mechanism directly — silently blocking the antivirus from receiving new signature updates. In its passive mode, the exploit locks Defender’s definition files, preventing the engine from detecting newly discovered threats. In aggressive mode, if Microsoft pushes a major platform update that replaces the core MsMpEng.exe binary, UnDefend can leverage the process to completely disable Defender.
- Type: Defense evasion / Denial-of-Service against endpoint protection
- Status: Unpatched, no CVE assigned, no Microsoft acknowledgment
- Passive mode: Locks Defender definition files, blocking signature updates
- Aggressive mode: Fully disables Defender when a major platform update is pushed
- Deceptive by design: Defender continues to appear healthy in management consoles even when blinded
This last detail — that UnDefend can falsify Defender’s health status in management dashboards — is particularly dangerous for enterprise environments. Security operations teams relying on compliance dashboards for endpoint health visibility may have a false sense of protection across their entire fleet.
The Attack Chain: How They Work Together
These three exploits are most dangerous when understood as a coordinated sequence rather than isolated bugs. Researchers at Vectra AI and the Cloud Security Alliance have mapped out the attack chain that threat actors have already been observed using in the wild:

Huntress confirmed this chain was used in at least one real-world intrusion, where the initial foothold was gained through a hijacked SSLVPN user account. Once inside, the attacker manually dropped the exploit files into the user’s Pictures and Downloads folders — renamed to avoid suspicion — before executing the full chain. The affected organization was immediately isolated from the network to prevent further lateral movement.
Timeline of the Crisis
April 3, 2026
BlueHammer PoC drops on GitHub — published without warning by Chaotic Eclipse after claiming MSRC dismissed the disclosure over a video demonstration dispute.
April 10, 2026
First active exploitation of BlueHammer detected by Huntress Labs in a real-world intrusion. Hands-on-keyboard attacker activity confirmed.
April 14, 2026
Microsoft Patch Tuesday — BlueHammer patched as CVE-2026-33825 (CVSS 7.8). RedSun and UnDefend not addressed.
April 16, 2026
RedSun and UnDefend released on GitHub. All three exploits now observed being used in active attacks. Huntress isolates affected organization.
April 22, 2026
CISA adds CVE-2026-33825 to the Known Exploited Vulnerabilities catalog. Federal agencies ordered to patch by May 6, 2026.
May 13, 2026
Next Patch Tuesday — earliest expected date for RedSun and UnDefend patches, if Microsoft moves at its standard cadence. Organizations remain exposed until then.
Who Is at Risk?
The scope of exposure is nearly total for Windows environments. Affected systems include all supported versions of Windows 10, Windows 11, and Windows Server 2016 through 2025 — provided Microsoft Defender is enabled, which it is by default on virtually every installation. The key risk factors that increase exposure severity include:
- Standard user accounts with code execution ability — all three exploits can be triggered from a non-admin account
- SSLVPN or remote access deployments — confirmed attack vector; a single compromised credential can become SYSTEM-level access
- Environments relying solely on Defender for endpoint protection — no secondary EDR means UnDefend can go undetected
- Organizations trusting dashboard health indicators — UnDefend falsifies Defender’s health status, creating compliance blind spots
- Systems with accessible user-writable directories — Downloads, Pictures, and Temp folders were used to stage the exploit files
What You Should Do Right Now
✅ Immediate Action Checklist
- Apply April 2026 Patch Tuesday updates immediately — this closes BlueHammer (CVE-2026-33825). Verify the Defender platform version is 4.18.26050.3011 or later on all endpoints, not just dashboard status.
- Deploy a supplementary third-party EDR — this is the most durable compensating control for RedSun and UnDefend while patches are unavailable. Defender alone cannot catch Defender bypass techniques.
- Implement out-of-band Defender signature version checks — query Microsoft’s update feed directly rather than trusting dashboard health indicators, which UnDefend can falsify.
- Monitor for privilege escalation command sequences — alert on combinations of whoami /priv, cmdkey /list, and net group on the same host within a short window.
- Treat any SSLVPN or remote access compromise as critical — a single stolen credential combined with these exploits equals full SYSTEM access. Rotate credentials immediately upon any suspected compromise.
- Enable and enforce Attack Surface Reduction (ASR) rules — restrict code execution from user-writable directories like Downloads, Pictures, and Temp.
- Watch for out-of-band patches from Microsoft — RedSun and UnDefend have no fix yet. Subscribe to MSRC security advisories for immediate notification when patches drop.
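Two items on this checklist, verifying the Defender platform version on every endpoint (not just the dashboard) and checking definition freshness out-of-band, can be turned into a single fleet triage script. The Python below is an added example, not code from the article or from Microsoft. It reads the kind of per-endpoint export an administrator can gather with Get-MpComputerStatus; the column names are real Get-MpComputerStatus properties, but every value is constructed, and the DashboardHealthy column is a constructed stand-in for whatever the management console reports. The reference definition version is assumed to be fetched independently from Microsoft's update feed and passed in.

```python
"""Fleet triage of Microsoft Defender status exports.

Added example (not the article's or Microsoft's code). Rows mimic a CSV
exported from Get-MpComputerStatus on each endpoint; values are constructed.
"""
import csv
import io
from datetime import datetime, timedelta

# From the article: platform version carrying the BlueHammer fix (CVE-2026-33825).
MIN_PLATFORM = "4.18.26050.3011"
MAX_SIG_AGE = timedelta(hours=48)   # assumption: tolerable gap between definition updates

# Constructed sample export. DashboardHealthy is a constructed column.
SAMPLE_CSV = """ComputerName,AMProductVersion,AntivirusSignatureVersion,AntivirusSignatureLastUpdated,AMServiceEnabled,RealTimeProtectionEnabled,DashboardHealthy
WS-0142,4.18.26050.3011,1.431.200.0,2026-04-23T22:10:00,True,True,True
WS-0007,4.18.25120.1,1.431.200.0,2026-04-23T21:55:00,True,True,True
SRV-FILE01,4.18.26050.3011,1.430.950.0,2026-04-15T03:00:00,True,True,True
WS-0311,4.18.26050.3011,1.431.200.0,2026-04-23T22:00:00,False,False,True
"""


def parse_version(s):
    """Compare Defender versions numerically; plain string order gets them wrong."""
    return tuple(int(p) for p in s.split("."))


def triage(csv_text, reference_sig_version, now):
    """Return {ComputerName: [findings]} for hosts that need attention.

    reference_sig_version: the current definition version obtained from
    Microsoft's own feed, independently of the endpoint and its dashboard
    (assumption: fetched out-of-band and passed in).
    now: wall-clock reference used to compute signature age.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []

        # Checklist item 1: platform version below the BlueHammer fix level.
        if parse_version(row["AMProductVersion"]) < parse_version(MIN_PLATFORM):
            issues.append("platform %s below %s: BlueHammer (CVE-2026-33825) unpatched"
                          % (row["AMProductVersion"], MIN_PLATFORM))

        # Checklist item 3: definitions stale or behind the out-of-band reference,
        # which is what UnDefend's passive mode would produce.
        last = datetime.fromisoformat(row["AntivirusSignatureLastUpdated"])
        stale = now - last > MAX_SIG_AGE
        behind = parse_version(row["AntivirusSignatureVersion"]) < parse_version(reference_sig_version)
        if stale or behind:
            issues.append("definitions %s (feed reports %s, last update %s): possible blocked updates"
                          % (row["AntivirusSignatureVersion"], reference_sig_version,
                             row["AntivirusSignatureLastUpdated"]))

        # Engine or real-time protection off is a finding regardless of cause.
        if row["AMServiceEnabled"] != "True" or row["RealTimeProtectionEnabled"] != "True":
            issues.append("Defender service or real-time protection disabled")

        # The article's key point: a green console is not evidence when UnDefend is in play.
        if issues and row["DashboardHealthy"] == "True":
            issues.append("dashboard reports healthy despite the above: verify on the host")

        if issues:
            findings[row["ComputerName"]] = issues
    return findings


if __name__ == "__main__":
    report = triage(SAMPLE_CSV, "1.431.200.0", datetime(2026, 4, 24, 12, 0, 0))
    for host, issues in report.items():
        print(host)
        for issue in issues:
            print("  -", issue)
```

Version strings are compared as integer tuples on purpose: a lexical comparison would rank 4.18.9999.1 above 4.18.26050.3011. The stale-definitions check uses both the update timestamp and the version gap against the feed, because a host whose updates are blocked keeps reporting a plausible-looking version while the timestamp quietly ages.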
The Bigger Picture
This incident is a stark illustration of what happens when the vulnerability disclosure pipeline breaks down. Chaotic Eclipse is not a criminal — by all accounts, the researcher attempted to follow responsible disclosure procedures and was stonewalled. The end result was three working exploits on GitHub, two of which remain unpatched weeks later, actively used by threat actors against real organizations.
Security researchers across the community have rallied behind the frustration. Microsoft’s own disclosure guidelines do not list video demonstrations as a requirement — yet that appears to be what triggered this cascade. The company’s post-incident statement about supporting “coordinated vulnerability disclosure” rings hollow when the exact failure of coordination is what set this crisis in motion.
For defenders, the operational lesson is clear: when your endpoint protection tool becomes the attack vector, you need defense-in-depth. No single security product — including the one built into Windows itself — is sufficient on its own. Layer your defenses, verify what your dashboards tell you, and never assume patch compliance equals security when unpatched zero-days are in active circulation.
UPDATE: The situation has not improved for RedSun and UnDefend. The next expected fix window is Patch Tuesday, May 13 — but that’s still over two weeks away, and Microsoft hasn’t confirmed it will address them then. The organizations that will weather this exposure period best are the ones that have network visibility operating independently of the endpoint layer — meaning if Defender gets blinded by UnDefend, you need another detection layer that doesn’t depend on it.