🚨 Active Exploitation 🪟 Windows

BlueHammer, RedSun, UnDefend: Three Microsoft Defender Zero-Days Exploited Right Now — Two Still Without a Patch

Microsoft Defender — the antivirus built into every Windows PC — is currently affected by three zero-day vulnerabilities being actively exploited by attackers. One has been patched. The other two have no fix yet. Here's what this means for you and what you need to do right now.

The three flaws at a glance

BlueHammer
✓ Patched

Lets any user gain full control of a PC (SYSTEM level). CVE-2026-33825 — patched on 14 April 2026.

RedSun
⚠️ No patch

Same result as BlueHammer — SYSTEM access — via a different mechanism. Works even on a fully updated PC.

UnDefend
⚠️ No patch

Prevents Defender from receiving updates. Your antivirus gradually goes blind — without you knowing.

😤 Why these flaws were made public

All three exploits were deliberately published on GitHub by an anonymous security researcher going by Nightmare Eclipse or Chaotic Eclipse. The reason: Microsoft ignored their vulnerability reports for weeks without a proper response.

By publishing the exploit code, they forced Microsoft's hand — but at the cost of exposing millions of users. BlueHammer was patched 11 days after publication. RedSun and UnDefend are still waiting for a fix.

📅 Timeline of events

  • 3 Apr 2026
    BlueHammer published: Nightmare Eclipse releases the exploit code on GitHub after Microsoft ignored them
  • 10 Apr 2026
    First exploitation detected: Huntress Labs observes BlueHammer used in real-world cyberattacks
  • 14 Apr 2026
    Microsoft patches BlueHammer: CVE-2026-33825 fixed via the April 2026 Patch Tuesday
  • 16 Apr 2026
    RedSun and UnDefend published: The researcher releases two more flaws — still unpatched to this day
  • 22 Apr 2026
    CISA issues alert: US cybersecurity agency orders federal agencies to patch before 7 May
  • 26 Apr 2026
    RedSun and UnDefend still unpatched: Microsoft has not announced a fix date for either vulnerability

⚠️ What does this actually mean?

Attackers are chaining the three flaws together. First BlueHammer or RedSun to gain full control of the PC, then UnDefend to blind Defender. Result: the attacker owns the machine and the antivirus can no longer detect them.

🚨 Who is affected?
  • All PCs running Windows 10 and Windows 11 with Microsoft Defender enabled
  • Windows Server 2016 through 2025
  • Even a fully updated PC remains vulnerable to RedSun and UnDefend
  • Defender is enabled by default on virtually every Windows installation

✅ What you need to do right now

✅ Immediate steps
  • Run Windows Update now — Settings → Windows Update → Check for updates. This patches BlueHammer
  • Check your Defender version — it should be 4.18.26050.3011 or higher
  • Add a third-party antivirus — Bitdefender alongside Defender protects against RedSun and UnDefend
  • Watch for suspicious files — attackers hide exploits in Pictures and Downloads folders
⚠️ For advanced users
  • Watch for processes named FunnyApp.exe, RedSun.exe, undef.exe, z.exe in your logs
  • Enable Attack Surface Reduction (ASR) rules in Windows Defender
  • Monitor for anomalies in Defender signature updates
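
The version, process-name and signature-update checks listed above can be run together from PowerShell. The script below is an added example, not code from the original article or from Microsoft; it assumes an elevated session with process-creation auditing (Security event 4688) enabled, and the 30-day look-back window and 3-day staleness threshold are assumed values.

```powershell
# Added example. Assumes an elevated session and that process-creation
# auditing (Security event 4688) is enabled on this machine.
$minPlatform   = [version]'4.18.26050.3011'   # minimum version given in the article
$watchNames    = 'FunnyApp.exe', 'RedSun.exe', 'undef.exe', 'z.exe'  # names from the article
$maxSigAgeDays = 3                            # assumed threshold; tune for your environment
$since         = (Get-Date).AddDays(-30)      # assumed look-back window

# 1. Defender platform version and signature freshness.
$mp = Get-MpComputerStatus
[pscustomobject]@{
    PlatformVersion  = $mp.AMProductVersion
    PlatformOk       = ([version]$mp.AMProductVersion) -ge $minPlatform
    SignatureVersion = $mp.AntivirusSignatureVersion
    SignatureUpdated = $mp.AntivirusSignatureLastUpdated
    SignatureStale   = $mp.AntivirusSignatureAge -gt $maxSigAgeDays
    RealTimeEnabled  = $mp.RealTimeProtectionEnabled
} | Format-List

# 2. Failed signature updates (event 2001) in the Defender operational log.
$failed = @(Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 2001; StartTime = $since })
"Failed signature updates since $($since.ToString('yyyy-MM-dd')): $($failed.Count)"

# 3. Process-creation events whose image name matches the watch list.
#    Short names such as z.exe can match unrelated software; review each hit.
$hits = @(Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4688; StartTime = $since } |
    ForEach-Object {
        $data  = ([xml]$_.ToXml()).Event.EventData.Data
        $field = { param($n) ($data | Where-Object { $_.Name -eq $n }).'#text' }
        $image = & $field 'NewProcessName'
        if ($image -and ($watchNames -contains (Split-Path $image -Leaf))) {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Image  = $image
                User   = & $field 'SubjectUserName'
                Parent = & $field 'ParentProcessName'
            }
        }
    })
if ($hits.Count) { $hits | Sort-Object Time | Format-Table -AutoSize }
else { 'No process-creation events matched the watch list.' }
```

A stale signature flag or a run of 2001 events on a machine that otherwise has network access is the kind of update anomaly the last bullet refers to.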
