BlueHammer
Coverage of BlueHammer in the Nexus archive.
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs
CISA confirmed that ransomware gangs are exploiting a Microsoft Defender privilege escalation vulnerability named BlueHammer, which was previously used in zero-day attacks. The flaw allows attackers to escalate privileges, potentially leading to system compromises.
- Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Disgruntled bug hunter Nightmare Eclipse (Chaotic Eclipse) has released six Windows zero-days, prompting Microsoft to issue a blog post condemning uncoordinated disclosure and threatening legal action. Nightmare claims Microsoft humiliated them by deleting their MSRC account and withholding payment, vowing a major release on July 14.
- CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has directed U.S. federal agencies to address a critical privilege escalation vulnerability in Microsoft Defender, known as BlueHammer, which is currently being exploited in zero-day attacks. The flaw allows attackers to escalate privileges, posing a significant security risk.
- Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
Huntress warns that three zero-day vulnerabilities in Microsoft Defender—BlueHammer, RedSun, and UnDefend—are being actively exploited by threat actors to gain elevated system privileges. Two of these vulnerabilities remain unpatched, posing ongoing security risks.
- BlueHammer abuses Windows Defender's update process to gain SYSTEM access
BlueHammer exploits a zero-day vulnerability in Windows Defender's update process to gain SYSTEM access. The article details the attack method and its implications for cybersecurity.
- 'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
A researcher using the alias 'Chaotic Eclipse' released a PoC exploit for a zero-day vulnerability in Windows, enabling local user system takeover. The incident highlights potential issues with Microsoft's bug disclosure process, as the flaw was undisclosed prior to the exploit's release.