Researcher Discloses Six Windows Zero‑Days, Three Actively Exploited in the Wild
What Happened – A security researcher (alias Chaotic Eclipse) publicly released details and proof‑of‑concept code for six previously unknown Windows vulnerabilities—including Defender and BitLocker—without prior coordination with Microsoft. Within weeks three of those flaws (codenamed BlueHammer, RedSun, UnDefend) were observed being leveraged by threat actors in the wild.
Why It Matters for TPRM –
- Uncoordinated zero‑day releases can give attackers immediate, reliable exploit kits against a ubiquitous platform.
- Organizations that rely on Microsoft Windows for endpoint protection or data encryption face elevated risk of compromise until patches are deployed.
- The dispute highlights the importance of robust vulnerability‑management processes and vendor‑relationship monitoring.
Who Is Affected – Enterprises across all sectors that run Windows 10/11 or Windows Server, especially those using built‑in security features (Microsoft Defender, BitLocker).
Recommended Actions –
- Accelerate patch‑testing cycles for any Microsoft security updates; prioritize the CVEs associated with BlueHammer, RedSun, and UnDefend.
- Verify that endpoint detection and response (EDR) solutions have signatures for the known exploits.
- Review your third‑party risk program’s coordination policies with vendors and bug‑bounty programs to ensure timely disclosure handling.
Technical Notes – The six vulnerabilities span kernel‑level privilege escalation, encryption bypass, and driver manipulation. Three are confirmed exploited in the wild (BlueHammer, RedSun, UnDefend). No CVE numbers were disclosed at the time of reporting; Microsoft is working on patches. Source: SecurityAffairs