Tag

CVE-2026-33825

All articles tagged with #cve-2026-33825

CISA Mandates Patch for BlueHammer Windows Flaw in Two Weeks
security, 1 month ago

CISA has ordered U.S. federal agencies to patch CVE-2026-33825, a Microsoft Defender privilege-escalation flaw nicknamed BlueHammer that was exploited as a zero-day before Microsoft released a fix on April 14. Agencies have two weeks (until May 7) to secure Windows systems; CISA warns of ongoing exploitation and advises agencies to apply mitigations, or discontinue use of the product, where fixes aren't available. The report also notes related flaws (RedSun, UnDefend) disclosed by Chaotic Eclipse, as well as evidence of active intrusion, including hands-on-keyboard activity and suspicious FortiGate VPN activity tied to Russia. CISA added the flaw to the Known Exploited Vulnerabilities catalog and highlighted broader risks from similar Windows zero-days.

RedSun: Defender zero-day grants SYSTEM access on Windows
cyber-security-news, 1 month ago

A newly disclosed zero-day in Microsoft Defender, dubbed RedSun, lets an unprivileged user escalate to SYSTEM on patched Windows 10/11 and Windows Server 2019+ by abusing Defender's handling of cloud files. The attack uses cldapi.dll and oplocks to redirect a malicious file write back to a system path, overwriting a system binary in System32 (e.g., TieringEngineService.exe) and gaining full code execution as SYSTEM. CVE-2026-33825 carries a CVSS score of 7.8; there is currently no patch. Security teams should monitor Defender file-write activity targeting System32, look for cldapi.dll-issued redirects, and rely on endpoint detection until Microsoft issues a fix.