Multiple Microsoft Defender Zero-Day Vulnerabilities Exploited in the Wild
Severity: High (Score: 69.9)
Sources: Feeds2.Feedburner, Cybersecuritynews
Summary
A security researcher has disclosed three zero-day vulnerabilities in Microsoft Defender, all of which are currently being exploited in the wild. The first, named 'RedSun', is a privilege escalation flaw that allows unprivileged users to gain full SYSTEM access on Windows 10, Windows 11, and Windows Server 2019 and later systems. The second vulnerability, 'UnDefend', enables users to disable Microsoft Defender's signature updates. All three vulnerabilities remain unpatched as of April 17, 2026. Huntress researchers have confirmed that these exploits are actively being used in attacks against affected systems. Organizations using Microsoft Defender should be aware of these vulnerabilities and take immediate action to mitigate potential risks.
Key Points:
- Three zero-day vulnerabilities in Microsoft Defender are currently exploited in the wild.
- 'RedSun' allows privilege escalation to SYSTEM access on multiple Windows platforms.
- The vulnerabilities remain unpatched as of April 17, 2026, posing significant risks to users.
Key Entities
- Zero-day Exploit (attack_type)
- T1068 - Exploitation for Privilege Escalation (mitre_attack)
- Microsoft Defender (platform)
- Windows (platform)
- RedSun (vulnerability)
- UnDefend (vulnerability)