Hackers have begun exploiting newly disclosed vulnerabilities in Microsoft Windows systems, following the public release of exploit code by a security researcher.
Cybersecurity firm Huntress said attackers are leveraging three vulnerabilities—BlueHammer, UnDefend, and RedSun—to gain unauthorised access to affected systems.
The flaws impact Windows Defender and allow attackers to obtain high-level administrative control over compromised devices.
Microsoft has so far patched only BlueHammer; UnDefend and RedSun remain unaddressed.
The exploits were published online by a researcher known as Chaotic Eclipse, who indicated that the disclosure was motivated by a dispute with Microsoft. The release included proof-of-concept code, making it easier for threat actors to weaponise the vulnerabilities.
Security experts warn that such “full disclosure” incidents can accelerate attacks, as malicious actors can quickly adapt publicly available exploit code for real-world use.
Huntress researchers said the availability of ready-made attack tools has intensified the race between defenders and attackers, with organisations now under pressure to patch systems and implement protective measures before further breaches occur.














