Particle.news
CISA Orders Federal Fix for Microsoft Defender 'BlueHammer' Flaw Exploited in the Wild

The agency set a May 6 deadline to curb attacks that use publicly available proof-of-concept code.

Overview

  • CISA added CVE-2026-33825 to its Known Exploited Vulnerabilities catalog and told federal agencies to patch it by May 6.
  • Microsoft released a patch on April 14 for the Defender bug, which lets a local user gain SYSTEM privileges by abusing overly permissive access controls.
  • Huntress reported that attackers started using the public BlueHammer exploit on April 10 and then used RedSun and UnDefend on April 16.
  • Investigators said the intruders entered through a FortiGate SSL VPN account and conducted hands-on reconnaissance, with one source IP geolocated to Russia.
  • Both RedSun and UnDefend remain unpatched: RedSun plants files in the System32 folder to gain full control, and UnDefend locks definition files to block updates.