CISA orders feds to patch BlueHammer flaw exploited as zero-day

BleepingComputer technology

Key Points:

  • CISA has ordered U.S. federal agencies to patch a critical Microsoft Defender privilege escalation vulnerability (CVE-2026-33825) within two weeks because it has been actively exploited in zero-day attacks.
  • The flaw allows low-privileged local attackers to gain SYSTEM-level permissions by exploiting insufficient access control, posing significant risks to government systems.
  • Microsoft released a patch on April 14 following public disclosure and proof-of-concept exploits published by a security researcher known as "Chaotic Eclipse," who criticized Microsoft's vulnerability handling.
  • Additional related vulnerabilities (RedSun and UnDefend) were also disclosed, with evidence that attackers have been actively exploiting these flaws as part of broader intrusions linked to suspicious activity, including connections from Russia.
  • CISA emphasized the urgency of applying vendor mitigations or discontinuing affected products if patches are unavailable, highlighting the frequent use of such vulnerabilities by malicious actors against federal networks.
