Threat Actors Exploit Unpatched Microsoft Defender Zero-Days
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON — Threat actors are actively exploiting three zero-day vulnerabilities in Microsoft Defender, with two of the flaws remaining unpatched as of Thursday. The cybersecurity vendor Huntress confirmed the exploitation, marking a significant escalation in the ongoing campaign against enterprise security infrastructure.
The vulnerabilities allow attackers to gain elevated privileges within compromised systems, potentially granting them control over critical endpoints. Huntress researchers observed the activity globally, noting that the exploits are being leveraged in active attacks against organizations relying on Microsoft’s endpoint protection platform.
Microsoft Defender, a widely deployed security solution, is used by millions of enterprises and individuals worldwide. The unpatched nature of two of the three vulnerabilities leaves systems exposed to remote code execution and privilege escalation attacks. Security experts warn that the window for exploitation is widening as threat actors race to capitalize on the gaps before patches are deployed.
The vulnerabilities were disclosed by Chaotic Eclipse, a security researcher who published details of the flaws, citing concerns over Microsoft’s handling of the vulnerability disclosure process. Eclipse stated that the company’s response to the initial report was inadequate, prompting the public release of the information. Microsoft has acknowledged the issues and is working on patches, but two of the three vulnerabilities remain unaddressed.
Huntress, which specializes in threat detection and response, reported that the exploits are being used to bypass security controls and maintain persistence within targeted networks. The vendor’s findings indicate that attackers are using the flaws to escalate privileges and move laterally across systems, increasing the risk of data breaches and ransomware deployment.
The situation underscores the challenges of managing zero-day vulnerabilities in widely used security software. Microsoft’s delayed patching has drawn criticism from the security community, with some experts calling for faster response times to protect users. However, the company has not commented on the timeline for the remaining patches.
As of Thursday, no major breaches have been attributed to the exploits, but the potential impact remains high. Organizations are advised to implement compensating controls and monitor for signs of compromise while awaiting official patches. The cybersecurity community is closely watching the situation, with further developments expected as Microsoft works to address the vulnerabilities.
The incident highlights the ongoing tension between security vendors and researchers over disclosure timelines and patching priorities. With two vulnerabilities still unpatched, the risk to global enterprise security remains elevated, leaving many organizations in a state of uncertainty about their exposure.