RedSun and the Expanding Risk Window: Why Microsoft Defender Patching Can’t Wait
ID: 496e6e33-482b-53da-949e-7973665df58f
STIX ID: report--496e6e33-482b-53da-949e-7973665df58f
Feed Name: LevelBlue SpiderLabs Blog
A newly disclosed Microsoft Defender zero-day named RedSun enables local privilege escalation by abusing Defender's remediation behaviour: instead of removing a detected file, Defender can be made to rewrite it in place, and an attacker turns that privileged write to their advantage. A public proof-of-concept exists and Microsoft has not yet released a patch. The report warns that attackers are increasingly targeting security tools themselves, identifies inconsistent patch adoption across fleets as the critical risk (a fix is only useful on the hosts that actually receive it), and recommends immediate actions: verify that Defender platform, engine and signature updates are current on every endpoint, audit patch coverage rather than assuming it, enable Tamper Protection so the PoC cannot first disable or reconfigure Defender, increase monitoring and threat hunting for Defender-related anomalies, and prepare to deploy the patch rapidly once it ships.
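The first three recommendations (verify Defender updates, audit coverage, confirm Tamper Protection) reduce to one question per host: what version is Defender running, how stale are its signatures, and is Tamper Protection on? The following PowerShell script is an added example written for this page; it is not code from the LevelBlue SpiderLabs post and it is not a detection or fix for RedSun. It only uses the stock Defender module cmdlets (`Get-MpComputerStatus`, `Update-MpSignature`). The minimum platform and engine versions are placeholders, since the post states no patch has been released; replace them with the values Microsoft publishes when the fix ships. The host list and the 24-hour signature-age threshold are assumptions for illustration.

```powershell
# Added example for this page, not from the original post.
# Snapshots the Defender state the post asks you to verify, per host.
# ASSUMPTION: minimum versions below are placeholders until Microsoft publishes
# the patched platform/engine versions; $ComputerName defaults to the local host.
param(
    [string[]] $ComputerName           = @($env:COMPUTERNAME),
    [version]  $MinimumPlatformVersion = '0.0.0.0',   # placeholder, replace when patch ships
    [version]  $MinimumEngineVersion   = '0.0.0.0',   # placeholder, replace when patch ships
    [int]      $MaxSignatureAgeHours   = 24,          # assumed freshness window
    [switch]   $UpdateSignatures                      # pull new definitions before checking
)

function Get-DefenderPatchState {
    param([string] $Computer)

    # Run locally where possible; Invoke-Command needs WinRM for remote hosts.
    $local = ($Computer -ieq $env:COMPUTERNAME) -or ($Computer -ieq 'localhost')
    $block = {
        param($refresh)
        if ($refresh) { Update-MpSignature -ErrorAction SilentlyContinue }
        Get-MpComputerStatus
    }

    try {
        $status = if ($local) { & $block $UpdateSignatures.IsPresent }
                  else { Invoke-Command -ComputerName $Computer -ScriptBlock $block `
                             -ArgumentList $UpdateSignatures.IsPresent -ErrorAction Stop }
    } catch {
        return [pscustomobject]@{ Host = $Computer; Reachable = $false; Error = $_.Exception.Message }
    }

    # AMProductVersion = Defender platform, AMEngineVersion = scanning engine.
    # These are the two components a Defender fix typically updates.
    $platform = [version]$status.AMProductVersion
    $engine   = [version]$status.AMEngineVersion
    $sigAge   = (Get-Date) - $status.AntivirusSignatureLastUpdated

    [pscustomobject]@{
        Host                 = $Computer
        Reachable            = $true
        PlatformVersion      = $platform
        EngineVersion        = $engine
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureAgeHours    = [math]::Round($sigAge.TotalHours, 1)
        RealTimeProtection   = $status.RealTimeProtectionEnabled
        TamperProtected      = $status.IsTamperProtected
        # Flags the post's recommendations map to:
        PlatformCurrent      = ($platform -ge $MinimumPlatformVersion)
        EngineCurrent        = ($engine   -ge $MinimumEngineVersion)
        SignaturesFresh      = ($sigAge.TotalHours -le $MaxSignatureAgeHours)
        Error                = $null
    }
}

# Audit patch coverage across the fleet rather than assuming it.
$results = foreach ($c in $ComputerName) { Get-DefenderPatchState -Computer $c }

$results | Format-Table Host, Reachable, PlatformVersion, EngineVersion,
                        SignatureAgeHours, TamperProtected, RealTimeProtection -AutoSize

# Anything here needs attention: unreachable, stale, or not tamper-protected.
$needsAttention = $results | Where-Object {
    -not $_.Reachable -or -not $_.PlatformCurrent -or -not $_.EngineCurrent -or
    -not $_.SignaturesFresh -or -not $_.TamperProtected -or -not $_.RealTimeProtection
}

if ($needsAttention) {
    Write-Warning ("{0} of {1} host(s) need attention:" -f $needsAttention.Count, $results.Count)
    $needsAttention | Format-Table Host, Reachable, PlatformCurrent, EngineCurrent,
                                   SignaturesFresh, TamperProtected, Error -AutoSize
} else {
    Write-Host "All $($results.Count) host(s) meet the configured baseline."
}
```

Run it elevated; `Get-MpComputerStatus` returns partial data from an unprivileged shell. Note that the script only reports Tamper Protection state. It does not switch it on, because Tamper Protection is not settable through `Set-MpPreference`; it is enabled from the Windows Security app on a single machine or centrally through Intune or Microsoft Defender for Endpoint, which is also where the post's "enable Tamper Protection" step belongs.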
