A security vulnerability was recently discovered in Microsoft Defender, the first-party Windows 11 antivirus tool used by millions. Attackers can exploit this vulnerability to gain elevated system privileges and cause significant damage without users noticing.
The so-called “RedSun” vulnerability was discovered by security researcher Chaotic Eclipse, the same researcher who previously published a Windows exploit after Microsoft ignored his report.
He’s doing so again. In a new GitHub repository for RedSun, he explains the vulnerability and how to exploit it:
Now, normally I would just drop the PoC code and let people figure it out. But I can’t for this one, it’s way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behaviour to overwrite system files and gain administrative privileges.
I think antimalware products are supposed to remove malicious files not be sure they are there but that’s just me.
Despite the danger in releasing an exploit for a vulnerability in Windows Defender that could affect millions of users, Chaotic Eclipse is doing so out of frustration, which he explains in a recent blog post: “Normally, I would go through the process of begging [Microsoft] to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did.” He goes on: “They mopped the floor with me and pulled every childish game they could. It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.”
Chaotic Eclipse is referring to the Microsoft Security Response Center, which is responsible for collecting and processing newly discovered security vulnerabilities and forwarding requests so that developers can release a corresponding patch.
No solution in sight yet
The issue with Microsoft Defender was discovered following the latest Patch Tuesday in April and affects systems running Windows 10, Windows 11, and Windows Server, where Microsoft Defender is active.
As with BlueHammer, this exploit is legitimate, but there’s no evidence that it’s already being exploited in the wild. However, this could change on a dime if hackers follow the instructions provided. Microsoft has not yet announced a patch that will resolve the issue.
Until the issue is resolved, you should consider using additional antivirus software on your PC alongside Microsoft Defender. Check out PCWorld’s picks for the best Windows antivirus software.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
