By J.R. Johnivan
Publication Date: 2026-04-20 18:18:00
No fewer than three new security flaws are actively being exploited in Microsoft Defender… and only one of them has been patched. Making matters worse, two of these vulnerabilities, BlueHammer and RedSun, can even grant full SYSTEM-level access to users across a variety of Windows operating systems.
A security researcher known as Chaotic Eclipse, also known as Nightmare-Eclipse on GitHub, has published zero-day exploits for all three of the vulnerabilities in question.
BlueHammer
The only one of the three exploits to have received an official patch at the time of this writing, BlueHammer is also the only one that requires logging in to GitHub. Once that stipulation is met, however, the full BlueHammer exploit can be sprung.
BlueHammer works by downloading a genuine Microsoft Defender Antivirus definition update and equipping it with an opportunistic lock (oplock) to gain privileged access to files….