By Devesh Beri
Publication Date: 2026-04-21 11:00:00
An unpatched vulnerability in (ironically) Microsoft Defender lets attackers gain full administrative access on Windows 10 and 11, and on some Windows Server versions, once they already have local access to a machine.
A security researcher who goes by the name Chaotic Eclipse discovered what they call the “RedSun” vulnerability just weeks after discovering, disclosing, and then leaking a Windows zero-day exploit that Microsoft failed to properly address. This new flaw is a local privilege escalation issue. An attacker must first gain a foothold on a target device, such as through a phishing email or a malicious program, and then use the Defender exploit to escalate from a standard account to admin or even SYSTEM, as reported by PCWorld.
This allows hackers to exploit how Defender handles high-privilege tasks, use file-system tricks, and manipulate registry data to reset and then restore administrator credentials. The process can make it harder for…

