Hacker News
RedSun: Unpatched Windows Defender Zero-Day Gives SYSTEM Access on All Fully Patched Systems
Security researcher Nightmare-Eclipse published RedSun, a second zero-day exploiting Microsoft Defender (CVE-2026-33825). Uses Cloud Files API and Volume Shadow Copy race conditions to escalate from unprivileged user to NT AUTHORITY\SYSTEM with ~100% reliability. No kernel exploit or driver needed. Unlike the related BlueHammer vulnerability patched in April 2026 Patch Tuesday, RedSun has NO available patch. Works on Windows 10, 11, and Server with latest updates. 186pts on HN.
Source
↳ Follow the thread