The cybersecurity landscape has been shaken once again by the actions of a researcher known as “Chaotic Eclipse.” This individual has unveiled a new zero-day vulnerability in Microsoft Defender, the built-in antivirus solution for Windows operating systems. Dubbed “RedSun,” this local privilege escalation flaw grants malicious actors SYSTEM privileges on the latest iterations of Windows 10, Windows 11, and Windows Server, provided that Microsoft Defender is enabled.
According to reports from BleepingComputer, the exploit has been confirmed to function as intended. Some antivirus vendors have already begun detecting the exploit file on VirusTotal, because it embeds the EICAR test string, a file typically used for antivirus testing.
This revelation follows closely on the heels of Chaotic Eclipse’s earlier disclosure of a vulnerability named BlueHammer, which similarly allows local attackers to elevate their permissions to SYSTEM or administrative levels on targeted endpoints. The timing of these disclosures raises questions about the researcher’s motivations and experiences with Microsoft’s vulnerability reporting process.
In a candid reflection on their interactions with Microsoft, Chaotic Eclipse expressed dissatisfaction with the company’s handling of vulnerability disclosures. “Normally, I would go through the process of begging them to fix a bug, but to summarize, I was told personally by them that they will ruin my life, and they did,” the researcher stated, hinting at a broader frustration within the security research community regarding corporate responses to reported vulnerabilities.
Chaotic Eclipse further elaborated on their experience, describing it as a series of childish games played by the corporation. “It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer,” they remarked, indicating a sense of betrayal and frustration.
In response to the recent disclosures, a Microsoft spokesperson reiterated the company’s commitment to investigating reported security issues. “We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” the spokesperson stated, emphasizing the importance of collaboration in addressing cybersecurity challenges.