The cybersecurity landscape has recently been shaken by the disclosure of a new zero-day vulnerability in Microsoft Defender, the built-in antivirus solution for Windows. The researcher known as “Chaotic Eclipse” has unveiled a proof-of-concept exploit for this vulnerability, which they have dubbed “RedSun.” This flaw allows local privilege escalation to SYSTEM level on the latest iterations of Windows 10, Windows 11, and Windows Server, provided that Microsoft Defender is active.
According to reports from BleepingComputer, the vulnerability has already garnered attention from various antivirus vendors, with some detecting it on VirusTotal due to the presence of an embedded EICAR string (the standard test file used for antivirus evaluation) within the executable.
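The point above is worth checking for yourself when triaging any proof-of-concept binary: a multi-engine hit on VirusTotal may be caused by the embedded EICAR test signature rather than by the sample's own logic. The following is an added example, not code from the article or from the researcher; it only searches a buffer for the well-known EICAR string and labels how it appears, and the "fake PE" bytes it scans are constructed here for illustration.

```python
# Added example (not from the article): attribute an antivirus hit to an
# embedded EICAR test string before assuming the sample's own code was flagged.
# The EICAR string is the public 68-byte antivirus test signature.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def find_eicar(data: bytes) -> int:
    """Return the byte offset of the EICAR test string in data, or -1 if absent."""
    return data.find(EICAR)


def classify(data: bytes) -> str:
    """Label a sample by how the EICAR string appears in it.

    'standalone' - the sample is the EICAR test file itself (trailing whitespace allowed)
    'embedded'   - the string sits inside a larger blob, e.g. a binary carrying it
    'none'       - no EICAR string present; a detection is then about the sample itself
    """
    offset = find_eicar(data)
    if offset < 0:
        return "none"
    if offset == 0 and data[len(EICAR):].strip() == b"":
        return "standalone"
    return "embedded"


# Constructed sample: a fake PE-style header, some padding, then the EICAR string.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 100 + EICAR + b"\x00" * 32

if __name__ == "__main__":
    # Expected: offset 168, label 'embedded' for the constructed sample above.
    print(find_eicar(FAKE_PE), classify(FAKE_PE))
```

Run the file as-is, or call `classify()` on the bytes of a real sample you are examining; an `embedded` result means the engines that flagged the file may have matched the test string, so the verdicts say little about the rest of the binary.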
Background on the Researcher and Previous Disclosures
This latest revelation follows closely on the heels of Chaotic Eclipse’s earlier disclosure of a vulnerability named BlueHammer, which also enabled local attackers to gain SYSTEM or elevated administrative permissions on targeted systems. The researcher has expressed dissatisfaction with Microsoft’s approach to vulnerability disclosure, recounting a troubling experience in their interactions with the tech giant.
“Normally, I would go through the process of begging them to fix a bug, but to summarize, I was told personally by them that they will ruin my life,” Chaotic Eclipse stated. “They mopped the floor with me and pulled every childish game they could. It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer.”
In response to the situation, a Microsoft spokesperson emphasized the company’s commitment to investigating reported security issues and updating affected devices promptly. “We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” the spokesperson explained.
This ongoing dialogue between researchers and corporations highlights the complexities of vulnerability disclosure in the cybersecurity realm, where the balance between public safety and corporate responsibility remains a critical concern.