Exploits Turn Windows Defender into Attacker Tool

Three publicly available exploits, BlueHammer, RedSun, and UnDefend, are being used to turn Microsoft Defender into an attacker tool, with two enabling SYSTEM-level access and one disrupting Defender’s update mechanism. While a patch exists for BlueHammer (CVE-2026-33825), RedSun and UnDefend exploit separate flaws, allowing attackers to escalate privileges or weaken defenses with minimal modifications.