Three Windows Zero-Days
by Justin Erickson
Three Windows vulnerabilities have recently been discovered: BlueHammer, RedSun, and UnDefend. BlueHammer was actively exploited, while RedSun and UnDefend are proof-of-concept flaws. BlueHammer and RedSun are used for local privilege escalation. UnDefend blocks Microsoft Defender definition updates. Microsoft patched BlueHammer (CVE-2026-33825) in the April 2026 security updates, but RedSun and UnDefend remain unpatched as of this writing. Researchers say “…that the three exploits are best understood as a chain rather than isolated issues: BlueHammer or RedSun to gain SYSTEM, and UnDefend to quietly degrade Defender’s detection over time. Together, this combination allows an attacker to entrench themselves while the host’s defenses gradually go blind, making early detection and isolation critical.”
