A vulnerability in Microsoft Defender has been exploited.

A privilege‑escalation flaw in Microsoft Defender was patched on April 14 after public disclosure and the release of proof‑of‑concept exploit code, and threat actors began exploiting it in the wild. BlueHammer and related techniques (RedSun, UnDefend) exploit Defender’s update mechanism and file handling to copy or place files that let attackers extract SAM database hashes, reset passwords, or gain System privileges.

Read more:

https://www.securityweek.com/recent-microsoft-defender-vulnerability-exploited-as-zero-day/