Summary
Microsoft Defender is vulnerable to a new zero-day exploit named "RedSun" that allows unprivileged users to gain SYSTEM privileges by abusing the Cloud Files API. The flaw enables attackers to overwrite critical system binaries by manipulating how the antivirus handles malicious files with cloud tags.
Take Action:
Update your Windows Defender ASAP to version 4.18.26030.3011 or later (via Windows Update) to fix the BlueHammer flaw. The RedSun flaw has no patch yet, so until Microsoft releases one, have your security team monitor for unusual Defender file write activity targeting C:\Windows\System32, and consider deploying endpoint detection rules to catch oplock-assisted file redirection. If you don't have a security team, make sure automatic Windows Updates are turned on and limit who can log into your Windows machines locally.
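As an added illustration of the monitoring advice above (example code, not from the article or from Microsoft), the following Python rule flags Sysmon FileCreate events in which the Defender engine writes under C:\Windows\System32, normalising paths so that traversal, forward slashes, case and the extended-length prefix cannot hide the target. It assumes the engine process name MsMpEng.exe, Sysmon's JSON field names, and constructed sample events.

```python
import json
import ntpath

# Assumptions, not stated in the article: Defender's engine process is MsMpEng.exe,
# and routine writes from it do not land under these protected directories.
DEFENDER_IMAGES = {"msmpeng.exe"}
PROTECTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def normalize(path: str) -> str:
    """Canonicalise a Windows path so '..', '/' and case cannot disguise the target."""
    if path.startswith("\\\\?\\"):          # drop the extended-length prefix
        path = path[4:]
    return ntpath.normpath(path).lower()    # collapses '..', converts '/' to '\\'


def is_suspicious_write(event: dict) -> bool:
    """Sysmon Event ID 11 (FileCreate) by the Defender engine into a protected directory."""
    if event.get("EventID") != 11:
        return False
    image = ntpath.basename(event.get("Image", "")).lower()
    if image not in DEFENDER_IMAGES:
        return False
    return normalize(event.get("TargetFilename", "")).startswith(PROTECTED_DIRS)


def scan(log_lines):
    """Return (UtcTime, normalised target) for every JSON event line that matches the rule."""
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        if is_suspicious_write(event):
            hits.append((event.get("UtcTime"), normalize(event["TargetFilename"])))
    return hits


# Constructed sample events (not real telemetry); only the file names are placeholders.
SAMPLE_LOG = r"""
{"EventID": 11, "UtcTime": "2025-01-01 10:00:00.000", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\placeholder-version\\MsMpEng.exe", "TargetFilename": "C:\\ProgramData\\Microsoft\\Windows Defender\\Scans\\History\\placeholder.bin"}
{"EventID": 11, "UtcTime": "2025-01-01 10:00:01.000", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\placeholder-version\\MsMpEng.exe", "TargetFilename": "C:\\Windows\\System32\\placeholder.dll"}
{"EventID": 11, "UtcTime": "2025-01-01 10:00:02.000", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\placeholder-version\\MsMpEng.exe", "TargetFilename": "C:\\Windows\\Temp\\..\\System32\\placeholder.exe"}
{"EventID": 11, "UtcTime": "2025-01-01 10:00:03.000", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\placeholder-version\\MsMpEng.exe", "TargetFilename": "\\\\?\\C:\\WINDOWS\\SYSTEM32\\placeholder.sys"}
{"EventID": 11, "UtcTime": "2025-01-01 10:00:04.000", "Image": "C:\\Windows\\notepad.exe", "TargetFilename": "C:\\Windows\\System32\\placeholder.txt"}
{"EventID": 1, "UtcTime": "2025-01-01 10:00:05.000", "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\placeholder-version\\MsMpEng.exe"}
"""

if __name__ == "__main__":
    for when, target in scan(SAMPLE_LOG.splitlines()):
        print(f"{when}  Defender engine wrote to protected path: {target}")
```

Only the three writes that resolve into System32 are reported; the benign scan-history write, the write by another process and the process-create event are ignored.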
This article was originally published on BeyondMachines