SITREP: Three zero-day vulnerabilities in Microsoft Defender, codenamed BlueHammer, RedSun, and UnDefend, are being actively exploited by threat actors to gain elevated privileges on compromised systems. Two of these vulnerabilities remain unpatched, raising concerns about ongoing security risks.

TACTICAL ASSESSMENT: The exploitation of these vulnerabilities indicates a significant threat to users of Microsoft Defender, potentially compromising sensitive data and system integrity. The lack of patches for two of the vulnerabilities suggests a window of opportunity for attackers to escalate their operations.

PROJECTED VECTORS: It is likely that threat actors will continue to exploit these vulnerabilities until patches are released, potentially leading to increased incidents of data breaches and system compromises.
SECURE ORIGIN NODE