Overview
- The exploit code posted to GitHub Tuesday came from a researcher using the alias Chaotic Eclipse.
- Independent tester Will Dormann confirmed the PoC can grant system-level access on Windows 11, though it is not fully reliable.
- The method leans on the Windows Defender update path and a time-of-check-to-time-of-use (TOCTOU) bug, using tricky file paths to reach the SAM database that stores local password hashes.
- Early checks show reduced effect on Windows Server, where elevation appears to stop at an enhanced admin role that still prompts for approval.
- Microsoft says it is investigating and has issued no CVE or fix. Researchers advise extra caution with downloads and email attachments until an update arrives.