Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.

| Vendor | Product | Versions |
|---|---|---|
| microsoft | defender_antimalware_platform | 4.0.0.0 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| microsoft | defender | cert_advisory | 90% |

Updated description with more technical detail, added new tag 'BlueHammer', and included suspicious IP geolocation information.
Updated description with detailed technical information, changed severity to CRITICAL, added affected versions, and noted no patch is currently available.
Updated description with CVE-2026-33825, confirmed severity as HIGH, and provided a URL for the patch.
Updated description with new technical details about the RedSun exploit and added CWE-20 as a new identifier.
Updated description with new technical details about additional vulnerabilities and confirmed ongoing exploitation.
Updated description with details on the BlueHammer vulnerability and its CVE-ID, added affected versions, and noted the patch availability in April 2026.
Updated description with details about the new unpatched vulnerability RedSun and added affected versions including Windows 10 and Windows 11.
Updated description to include the name 'BlueHammer', marked exploit as available, and noted that it is actively exploited.
Updated severity to CRITICAL and noted that no exploit is available.
Initial creation