BlueHammer, RedSun, and UnDefend: Three Windows Defender Zero-Days Exploited in the Wild
ID: d3711ec3-cb41-5da7-b3d5-550f23556507
STIX ID: report--d3711ec3-cb41-5da7-b3d5-550f23556507
Feed Name: SOCRadar Blog
Three Windows Defender zero-day vulnerabilities—BlueHammer (CVE-2026-33825), RedSun, and UnDefend—were publicly disclosed with proof-of-concept exploits in April 2026; BlueHammer was patched in the April Patch Tuesday, while RedSun and UnDefend remain unpatched and have been observed in the wild, enabling local privilege escalation to SYSTEM and suppression of Defender updates. Organizations are advised to apply available patches, monitor for privilege escalation and remote-access credential compromise, and prepare for additional disclosures or out-of-band fixes.
