Digital transformation

Warning: Over 1 billion Windows computers face the risk of being attacked.

Phan Van Hoa April 19, 2026 07:03

Default security software isn't always completely safe. Recently, a series of serious vulnerabilities in Windows have been made public, putting users worldwide at risk.

Three dangerous security vulnerabilities have been publicly disclosed and are being exploited.

Microsoft Defender, the built-in antivirus software in Windows, has long been considered a fundamental "shield" protecting computers from malware. However, ironically, this very tool has become a target for exploitation.

According to BleepingComputer, a security researcher using the pseudonym “Chaotic Eclipse” publicly disclosed three unpatched zero-day vulnerabilities as a protest against Microsoft’s Security Response Center’s handling of the issue. Instead of continuing to report them privately, this individual released the exploit code publicly.

Ảnh minh họa357
Illustrative image.

The three vulnerabilities were named BlueHammer, RedSun, and UnDefend. The worrying aspect is that these are all "zero-day" vulnerabilities, meaning there were no official patches available at the time of disclosure, leaving numerous Windows computers vulnerable to attack.

According to the US-based cybersecurity firm Huntress, all three vulnerabilities have been documented as being exploited in practice. Once the exploit code falls into the hands of cybercriminals, it is quickly leveraged to attack systems that are not adequately protected.

BlueHammer and RedSun are local privilege escalation vulnerabilities that require an attacker to have direct access to the device. UnDefend, however, is dangerous because it allows ordinary users to disable Defender's update process.

Notably, Microsoft released a patch for BlueHammer (CVE-2026-33825) in the April 2026 update. However, the remaining two vulnerabilities, particularly RedSun, have not yet been fully addressed.

How dangerous is the RedSun security vulnerability?

Of the three vulnerabilities, RedSun is considered the most significant threat. It can allow hackers to gain system privileges, the highest level of access in the Windows operating system, thereby gaining complete control of the computer.

According to the researcher's description, this vulnerability exploits an unusual behavior of Microsoft Defender. When the software detects a malicious file with a "cloud tag," instead of removing it, it overwrites the file to its original location.

This very inconsistency has been exploited. Attackers can use Defender to overwrite critical system files with malicious code. Because this process is performed by the security software itself, the system doesn't double-check, inadvertently granting administrative privileges to the malware.

Once they have the highest level of privilege, hackers can do almost anything: delete data, install spyware, track users, or even block the owner's access to the computer.

How to protect your Windows computer before a security patch is released.

In the absence of complete patches for all vulnerabilities, Windows users need to proactively protect their devices.

First, make sure you have installed the latest security updates from Microsoft, especially the April 2026 update. While it doesn't resolve all issues, this patch still helps prevent BlueHammer-related attacks.

You can check by going to Settings → Windows Update → Check for updates and install them as soon as a new version is available.

For RedSun and UnDefend, the only solution currently is to wait for the official patch. In the meantime, regularly checking for updates is crucial to avoid missing bug fixes as soon as they are released.

Additionally, users should also consider using third-party security software to enhance protection. Compared to built-in solutions, these software programs are often updated faster and offer more features such as virtual private networks (VPNs), password management, and data backup.

This incident demonstrates that even familiar security tools can become vulnerable if unpatched flaws exist. While waiting for Microsoft to fully fix the issue, proactively updating and maintaining vigilance remains the best way to protect personal data and devices.

Source: Tomsguide
Copy Link
0 0 0
x
Warning: Over 1 billion Windows computers face the risk of being attacked.
Google News
POWERED BYFREECMS- A PRODUCT OFNEKO