Exploit code has been released for an unpatched Windows vulnerability dubbed BlueHammer, which allows attackers to gain SYSTEM or elevated administrator permissions. The disclosure was made public by a researcher known as Chaotic Eclipse following a dispute with Microsoft over the handling of the security report.
A security researcher has publicly released exploit code for a critical Windows privilege escalation flaw after becoming frustrated with Microsoft’s Security Response Center. The vulnerability, which has been named BlueHammer, allows a local attacker to bypass security boundaries and obtain the highest level of system permissions. Because Microsoft has not yet released an official patch or security update to address the problem, the flaw is currently categorized as a zero-day vulnerability.
The decision to leak the exploit appears to be the result of a breakdown in the private disclosure process between the researcher and the software giant. Using the alias Chaotic Eclipse, the individual indicated that the release was a deliberate response to Microsoft's actions, suggesting that previous warnings had been ignored. The researcher expressed significant disbelief regarding Microsoft's decision-making process, questioning why the company allowed the situation to escalate to a public release.
In a brief and pointed statement, the researcher noted that they would not be providing a detailed technical explanation of how the exploit functions, leaving it to other security professionals to analyze the mechanics. The post included a sarcastic note of thanks to the leadership at the Microsoft Security Response Center, implying that their specific handling of the case was the primary catalyst for the leak. This move highlights an ongoing tension within the cybersecurity community regarding how vendors manage independent bug reports.
The actual proof-of-concept code was published to a GitHub repository on April 3rd under the username Nightmare-Eclipse. While the release represents a significant security risk for Windows users, the researcher admitted that the current version of the code is not perfect. They noted that the repository contains various bugs that might prevent the exploit from working reliably in every environment, though it still serves as a functional foundation for others to build upon.
Microsoft has not yet provided a definitive timeline for when a fix will be available to the public. Until a patch is issued, BlueHammer remains a viable threat on systems where an attacker has already gained basic access. Security administrators are generally advised to monitor for unusual privilege escalation activity while they wait for an official update from the Microsoft security team.
Source: https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-zero-day-vulnerabilities?tabs=preview-customers%2Cpreview-customers-vulnerabilities


