HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Researcher Discloses Six Windows Zero‑Days, Three Actively Exploited in the Wild

A security researcher released six unpatched Windows vulnerabilities without coordination, and three of them (BlueHammer, RedSun, UnDefend) are already being used by attackers. The incident underscores the urgency for rapid patching and tighter vendor‑researcher communication for organizations relying on Microsoft OS security controls.

LiveThreat™ Intelligence · 📅 May 29, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Researcher Discloses Six Windows Zero‑Days, Three Actively Exploited in the Wild

What Happened – A security researcher (alias Chaotic Eclipse) publicly released details and proof‑of‑concept code for six previously unknown Windows vulnerabilities—including Defender and BitLocker—without prior coordination with Microsoft. Within weeks three of those flaws (codenamed BlueHammer, RedSun, UnDefend) were observed being leveraged by threat actors in the wild.

Why It Matters for TPRM

  • Uncoordinated zero‑day releases can give attackers immediate, reliable exploit kits against a ubiquitous platform.
  • Organizations that rely on Microsoft Windows for endpoint protection or data encryption face elevated risk of compromise until patches are deployed.
  • The dispute highlights the importance of robust vulnerability‑management processes and vendor‑relationship monitoring.

Who Is Affected – Enterprises across all sectors that run Windows 10/11 or Windows Server, especially those using built‑in security features (Microsoft Defender, BitLocker).

Recommended Actions

  • Accelerate patch‑testing cycles for any Microsoft security updates; prioritize the CVEs associated with BlueHammer, RedSun, and UnDefend.
  • Verify that endpoint detection and response (EDR) solutions have signatures for the known exploits.
  • Review your third‑party risk program’s coordination policies with vendors and bug‑bounty programs to ensure timely disclosure handling.

Technical Notes – The six vulnerabilities span kernel‑level privilege escalation, encryption bypass, and driver manipulation. Three are confirmed exploited in the wild (BlueHammer, RedSun, UnDefend). No CVE numbers were disclosed at the time of reporting; Microsoft is working on patches. Source: SecurityAffairs

📰 Original Source
https://securityaffairs.com/192865/security/microsoft-calls-the-zero-day-dumps-irresponsible-the-researcher-says-microsoft-started-it.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →