A security researcher has disclosed two new zero-day vulnerabilities in Microsoft Defender, named "RedSun" and "UnDefend," which are now being actively exploited alongside a previously disclosed flaw. RedSun is a privilege escalation vulnerability, while UnDefend allows a standard user to block Defender's signature updates or disable the antivirus entirely. The article confirms all three exploitation techniques are active in the wild but does not provide specific version numbers, CVSS scores, patch details, or workarounds.
The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The second, “UnDefend,” allows a standard user to block Microsoft Defender from receiving signature updates or disable it entirely (if Microsoft pushes a major Defender update). And, according to Huntress researchers, all three exploitation techniques have … More → The post Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild appeared first on Help Net Security .