CISA confirmed on Monday that ransomware gangs have begun exploiting a high-severity Microsoft Defender privilege escalation vulnerability that has previously been abused in zero-day attacks.
Dubbed BlueHammer, the security flaw (CVE-2026-33825) was leaked by a security researcher known as "Nightmare Eclipse" in early April, together with proof-of-concept exploit code, in protest at how the Microsoft Security Response Center (MSRC) handles the disclosure process.
"Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally," Microsoft explains in a security advisory.
Will Dormann, principal vulnerability analyst at Tharros, told BleepingComputer in April that while the issue is not easy to exploit, it gives local attackers access to the Security Account Manager (SAM) database, which contains password hashes for local accounts.
With this access, they can escalate to SYSTEM privileges and potentially take complete control of the targeted system.
“At that point, [the attackers] basically own the system, and can do things like spawn a SYSTEM-privileged shell,” Dormann said.
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now
<small>Source: Bleeping Computer</small>
