Recent Microsoft Defender Vulnerability Exploited as Zero-Day
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
A recently disclosed privilege escalation vulnerability in Microsoft Defender has been exploited in the wild as a zero-day using publicly available proof-of-concept (PoC), Huntress warns.
Patched on April 14, the issue is tracked as CVE-2026-33825 (CVSS score of 7.8). Microsoft describes it as an elevation of privilege bug rooted in insufficient granularity of access control.
The CVE was publicly disclosed on April 2 by a disgruntled researcher known as Chaotic Eclipse and Nightmare-Eclipse, who warned it was a race condition leading to full System privileges.
Source: https://www.securityweek.com/recent-microsoft-defender-vulnerability-exploited-as-zero-day/
Related breach coverage
- Microsoft Patches 57 Vulnerabilities, Three Zero-Days2025-12-09
Microsoft has addressed a Windows vulnerability exploited as zero-day that allows attackers to obtain System privileges. The post Microsoft Patches 57 Vulnerabilities, Three Zero-Days appeared first on SecurityWeek.
- Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers2026-02-26
Already added to CISA’s KEV catalog, the flaw allows attackers to bypass authentication and gain administrative privileges. The post Cisco Patches Catalyst SD-WAN Zero-Day Exploited by Highly Sophisticated Hackers appeared first on SecurityWeek.
- Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week2025-11-19
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system. The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
- Critical Flowise Vulnerability in Attacker Crosshairs2026-04-07
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system. The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.