By Ionut Arghire
Publication Date: 2026-04-23 08:00:00
A recently disclosed privilege escalation vulnerability in Microsoft Defender has been exploited in the wild as a zero-day using a publicly available proof-of-concept (PoC) exploit, Huntress warns.
Patched on April 14, the issue is tracked as CVE-2026-33825 (CVSS score of 7.8). Microsoft describes it as an elevation of privilege bug rooted in insufficient granularity of access control.
The CVE was publicly disclosed on April 2 by a disgruntled researcher known as Chaotic Eclipse and Nightmare-Eclipse, who warned it was a race condition leading to full System privileges.
The researcher named the flaw BlueHammer and published PoC exploit code to their GitHub repository. Interest in the exploit surged fast, fueled by a fork that fixed some bugs in the researcher’s implementation and included documentation and instructions.
BlueHammer is a time-of-check to time-of-use (TOCTOU) in Defender’s signature update mechanism that allows an attacker with low privileges to gain System…