Two Microsoft Defender vulnerabilities have been sitting unpatched for weeks — and attackers know it.
The flaws, tracked as RedSun and UnDefend, are two of the three zero-days Huntress researchers flagged in mid-April 2026. The third, BlueHammer (CVE-2026-33825), has been fixed. Microsoft has not released patches for RedSun or UnDefend yet, which leaves every business running Microsoft Defender in a window of active risk.
This follows a brutal April Patch Tuesday where Microsoft already fixed 167 vulnerabilities, including two other zero-days being actively exploited in the wild — one in SharePoint Server, another in Microsoft Defender itself.
Why this matters for your business:
If you run Microsoft Defender for endpoint protection, and most businesses on Microsoft 365 do, these unpatched flaws could let an attacker elevate privileges on a machine or bypass your security entirely. Nobody has to click a bad link. These are bugs an attacker uses from a foothold they already have, so malware that slipped onto one workstation weeks ago, or a single phished account, is all they need to start.
CrowdStrike’s 2026 Global Threat Report put a number on the pace: AI-enabled attacks surged 89% last year, and the average attacker breakout time dropped to just 29 minutes. That’s not a future problem. That’s what’s happening now.
What to do right now:
- Check your Microsoft Defender platform, engine and signature versions and confirm you are on the latest build Microsoft has published. Defender platform and engine updates arrive separately from the monthly cumulative update, so a machine that is current on Patch Tuesday can still be behind on Defender.
- Restrict local administrator privileges. On its own that will not stop a bug that elevates a standard user to SYSTEM, but it limits what an attacker can do with the foothold they need before exploiting RedSun or UnDefend, and it reduces the number of accounts worth stealing afterwards.
- Monitor for suspicious process activity, especially new or unfamiliar processes running as SYSTEM, or SYSTEM processes launched from user-writable folders. A successful privilege escalation ends with attacker code running at that level, so that is where it shows up first.
- If you have a managed IT provider, make sure they’ve already flagged this.
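The first three checks above can be scripted for a single host. The following PowerShell is an added example written for this page, not code from the original post, from Huntress or from NSI Tech. It only reports state; it patches nothing. Two values are assumptions you must fill in yourself: the minimum Defender platform version (a placeholder, because Microsoft has not published a fixed build for RedSun or UnDefend) and the list of accounts you expect to find in the local Administrators group.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post, Huntress or NSI Tech): one-host triage
# for the three checks above. It reports; it does not fix anything.
# ASSUMPTIONS: $MinimumPlatformVersion is a placeholder (no fixed build has been
# published for RedSun/UnDefend at the time of writing; set it when Microsoft does),
# and $ExpectedAdmins is whatever your own standard says belongs in Administrators.
param(
    [version]$MinimumPlatformVersion = '0.0.0.0',
    [string[]]$ExpectedAdmins = @("$env:COMPUTERNAME\Administrator")
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Defender build and protection state (the Defender module ships with Windows).
$mp = Get-MpComputerStatus
$platform = [version]$mp.AMProductVersion
[pscustomobject]@{
    PlatformVersion    = $mp.AMProductVersion
    EngineVersion      = $mp.AMEngineVersion
    SignatureVersion   = $mp.AntivirusSignatureVersion
    SignatureAgeHours  = [math]::Round(((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalHours, 1)
    RealTimeProtection = $mp.RealTimeProtectionEnabled
    TamperProtection   = $mp.IsTamperProtected
} | Format-List | Out-Host
if ($platform -lt $MinimumPlatformVersion) { $findings.Add("Defender platform $platform is below required $MinimumPlatformVersion") }
if (-not $mp.RealTimeProtectionEnabled)   { $findings.Add('Real-time protection is OFF') }
if (-not $mp.IsTamperProtected)           { $findings.Add('Tamper protection is OFF') }

# 2. Local Administrators membership: anything outside the allow-list is a finding.
try {
    foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
        if ($ExpectedAdmins -notcontains $m.Name) {
            $findings.Add("Unexpected local admin: $($m.Name) [$($m.ObjectClass), $($m.PrincipalSource)]")
        }
    }
} catch {
    # Get-LocalGroupMember can throw on domain-joined hosts when the group holds unresolvable SIDs.
    $findings.Add("Could not enumerate Administrators: $($_.Exception.Message)")
}

# 3. Processes running as SYSTEM from outside the locations Windows and Defender normally use.
$trustedRoots = @(
    "$env:SystemRoot\",
    "$env:ProgramFiles\",
    "${env:ProgramFiles(x86)}\",
    "$env:ProgramData\Microsoft\Windows Defender\"
)
foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    if ($owner.ReturnValue -ne 0 -or $owner.User -ne 'SYSTEM') { continue }
    $path = $p.ExecutablePath
    if (-not $path) { continue }   # System, Registry and protected processes expose no path
    $inTrusted = $false
    foreach ($root in $trustedRoots) {
        if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true; break }
    }
    if (-not $inTrusted) {
        $findings.Add("SYSTEM process outside trusted roots: PID $($p.ProcessId) $path (parent PID $($p.ParentProcessId))")
    }
}

# 4. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No findings. Re-run with -MinimumPlatformVersion once Microsoft publishes the fixed Defender build.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Save it as a .ps1 and run it from an elevated PowerShell window. The version check is only as good as the number you pass in; until Microsoft publishes a fixed build the script simply records your current platform, engine and signature versions so you have a baseline. The SYSTEM-process heuristic will also list legitimate third-party services that install outside Program Files, so treat its output as a review list, not an alert.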
Don’t wait for the patch. Assume the vulnerability is already being probed.
Need help auditing your Microsoft security posture? Talk to NSI Tech — we’ll run a quick assessment and tell you exactly where you stand.