A security researcher has revealed two new zero-day vulnerabilities in Microsoft Defender, adding to a previously disclosed flaw earlier this month. These vulnerabilities pose significant risks as they have already been exploited in the wild, according to Huntress researchers.
The first vulnerability, named 'RedSun', is a privilege escalation flaw within Microsoft Defender. This type of vulnerability allows an attacker to gain elevated access rights, potentially leading to unauthorized actions on the affected system. The second vulnerability, 'UnDefend', enables a standard user to block Microsoft Defender from receiving signature updates or even disable it entirely if a major update is pushed by Microsoft.
These vulnerabilities are particularly concerning because they target a widely used security platform. Microsoft Defender is a default security solution for many Windows users, and exploitation of these flaws could leave systems unprotected against other threats. The fact that these vulnerabilities have been exploited in the wild underscores the urgency for users to take protective measures.
Organizations relying on Microsoft Defender should prioritize applying any available patches or updates from Microsoft to address these vulnerabilities. Additionally, they should implement monitoring solutions to detect any unusual activity that might indicate exploitation attempts.
In the absence of immediate patches, users are advised to employ additional security measures, such as using alternative security solutions or enhancing system monitoring, to mitigate the risks posed by these vulnerabilities. Staying informed about updates from Microsoft and security researchers will be essential in maintaining system security.
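The monitoring advice above is generic, so here is a concrete starting point. This is an added example, not code from the article, Huntress or Microsoft: a PowerShell health check an administrator could schedule on Defender-protected hosts to flag the conditions an UnDefend-style update block or disablement would produce (stale signatures, protection components switched off). The 24-hour signature-age threshold is an assumption to tune per environment; the cmdlets are Microsoft's own Defender module, and the event IDs are taken from Defender's operational event log (2001/2003 update failures, 5001/5010/5012 protection disabled).

```powershell
# Added example (not from the article): defender-side health check for Microsoft Defender.
# Requires the built-in Defender PowerShell module and an elevated session on Windows.

function Test-DefenderHealth {
    param(
        [int]$MaxSignatureAgeHours = 24   # assumed threshold; signatures normally update daily
    )
    $status   = Get-MpComputerStatus
    $findings = @()

    if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is not running' }
    if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
    if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is disabled' }

    # A blocked update shows up as a signature set that keeps getting older.
    $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($sigAge.TotalHours -gt $MaxSignatureAgeHours) {
        $findings += ('Signatures are {0:N0} hours old (last updated {1})' -f
                      $sigAge.TotalHours, $status.AntivirusSignatureLastUpdated)
    }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Healthy       = ($findings.Count -eq 0)
        Findings      = $findings
        SignatureVer  = $status.AntivirusSignatureVersion
        EngineVersion = $status.AMEngineVersion
    }
}

# Pull Defender's own update-failure and protection-disabled events for the same window,
# so a blocked update is visible even between scheduled runs of the check above.
function Get-DefenderHealthEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -in 2001, 2003, 5001, 5010, 5012 } |
        Select-Object TimeCreated, Id, Message
}

$result = Test-DefenderHealth
$result | Format-List
if (-not $result.Healthy) {
    Get-DefenderHealthEvents | Format-Table -AutoSize
}
```

Run it from a scheduled task or your endpoint-management tooling and forward the output to the SIEM; a host that reports Healthy = False, or that starts emitting 2001/2003 events while its signature age climbs, is the signal to investigate and re-enable or update Defender out of band.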
Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825