April 28, 2026

Three Microsoft Defender Vulnerabilities Reportedly Exploited; Two Await Patches

Microsoft:

Security researchers have reported that three vulnerabilities affecting Microsoft Defender are being actively exploited, with two of them yet to receive official patches.

Cybersecurity firm Huntress identified the vulnerabilities and assigned them the names “BlueHammer,” “RedSun,” and “UnDefend” for tracking purposes. According to the firm, exploitation activity linked to one vulnerability began around April 10, 2026, while others were observed shortly afterward.

Microsoft has confirmed that one vulnerability, tracked as CVE-2026-33825, has been addressed. The remaining two vulnerabilities are still under investigation, and no official patch timeline has been announced.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-33825 to its Known Exploited Vulnerabilities catalog and directed relevant federal agencies to apply the necessary updates by May 6, 2026.

Another cybersecurity firm, Vectra, noted that attackers may combine these vulnerabilities to escalate system access and potentially weaken endpoint security protections. Researchers observed command-line activity commonly associated with manual intrusion attempts, suggesting involvement of active threat actors rather than automated processes.

Microsoft stated that it is reviewing the reported issues and remains committed to addressing vulnerabilities through its standard security response process.

Experts advise organizations to promptly apply available updates, monitor systems for unusual activity, and adopt layered security measures to reduce risk while additional patches are pending.

GUNJAN MATHUR

District Reporter

INDIAN PRESS UNION

Indian Press Union (IPU) A National Platform for Journalists and Media Professionals.

© 2026 All Rights Reserved IPU MEDIA ASSOCIATION