Experts published unpatched Windows zero-day BlueHammer
2026-04-07 08:09:34 Author: securityaffairs.com (view original) Reads: 15


A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet.

A disgruntled researcher released the BlueHammer Windows zero-day, a local privilege escalation flaw that lets a local attacker gain SYSTEM or administrator rights, Bleeping Computer reports.

The researcher privately reported the vulnerability to Microsoft but criticized the way Microsoft’s Security Response Center (MSRC) handled the disclosure process. On April 3rd, the expert published the BlueHammer exploit on GitHub under the alias Nightmare-Eclipse. Microsoft has not released a patch, so the flaw is a zero-day and unpatched Windows systems remain exposed.

“I’m just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did? Are they serious?” reads the description published in the GitHub repository hosting the BlueHammer exploit.

Frustrated nerd drops zero day exploit after Microsoft vulnerability bug bounty people annoy him, or something, I don't know.

I haven't tested or confirmed, but stinky nerds tell me it's legit. https://t.co/u19Dy2SP0k

— vx-underground (@vxunderground) April 6, 2026

Nightmare-Eclipse also noted that he deliberately inserted a few bugs into the PoC exploit code, so the published version may not work as-is.

Well-known cybersecurity expert Will Dormann confirmed that the BlueHammer exploit works. It is a local privilege escalation (LPE) flaw that combines a time-of-check-to-time-of-use (TOCTOU) race with path confusion. Exploitation is not trivial, but a successful run lets a local attacker read the Security Account Manager (SAM) database, which stores local account password hashes. With that access, the attacker can escalate to SYSTEM privileges, fully compromising the machine and spawning SYSTEM-level shells to control it.
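
As an added illustration (an editor's example, not code from the article or from the Nightmare-Eclipse repository, and not BlueHammer's actual mechanism, which the article does not describe), here is the generic shape of the bug class Dormann names: a privileged routine validates a file by its path and then re-resolves the same path, leaving a window in which a low-privileged user swaps the name for a symlink to a file the routine can read but the user cannot. The hardened form opens once and validates the handle instead. It assumes a POSIX filesystem with symlinks and O_NOFOLLOW, so it runs on Linux or macOS rather than Windows; the paths, file contents and the simulated "attacker" swap are all constructed for the demo.

```python
"""TOCTOU + path-confusion illustration (editor's example, not BlueHammer code).

Assumes POSIX: symlinks and os.O_NOFOLLOW. The 'protected' file stands in for
something like the SAM hive that a privileged service can read but the
low-privileged caller cannot.
"""
import os
import stat
import tempfile


class TOCTOUError(Exception):
    pass


def check_then_open(path: str, race_hook=None) -> bytes:
    """Vulnerable pattern: validate the PATH, then reopen the same PATH.

    After lstat() passes, the caller's name is looked up a second time by
    open(); if the name now points at a symlink, that lookup follows it.
    """
    st = os.lstat(path)                       # time of check
    if not stat.S_ISREG(st.st_mode):
        raise TOCTOUError("refusing: not a regular file")
    if race_hook is not None:
        race_hook()                           # attacker wins the race here
    with open(path, "rb") as f:               # time of use: second lookup by name
        return f.read()


def open_then_check(path: str, race_hook=None) -> bytes:
    """Hardened pattern: open once, then validate the HANDLE, never the name.

    O_NOFOLLOW fails the open if the final component is a symlink, and fstat()
    inspects the object actually opened, so a later swap of the name cannot
    change which file is read.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        if race_hook is not None:
            race_hook()                       # too late: fd is already bound
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise TOCTOUError("refusing: not a regular file")
        return os.read(fd, st.st_size)
    finally:
        os.close(fd)


def simulate_race(opener, swap_before_check: bool = False) -> dict:
    """Run `opener` on a caller-controlled path while an 'attacker' replaces it
    with a symlink to the protected file. By default the swap lands between
    check and use; with swap_before_check=True it lands before the call, which
    shows that both routines reject an up-front symlink and only the
    check-then-open one loses the race. Returns what was read or the error name.
    """
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.dat")    # constructed sample
        user_path = os.path.join(d, "user_input.txt")   # attacker-controlled name
        with open(protected, "wb") as f:
            f.write(b"SECRET-HASHES")
        with open(user_path, "wb") as f:
            f.write(b"harmless")

        def swap_for_symlink():
            os.unlink(user_path)
            os.symlink(protected, user_path)

        try:
            if swap_before_check:
                swap_for_symlink()
                data = opener(user_path)
            else:
                data = opener(user_path, race_hook=swap_for_symlink)
            return {"read": data, "error": None}
        except (TOCTOUError, OSError) as e:
            return {"read": None, "error": type(e).__name__}


if __name__ == "__main__":
    print("check-then-open, race:", simulate_race(check_then_open))
    print("open-then-check, race:", simulate_race(open_then_check))
    print("check-then-open, pre-swap:", simulate_race(check_then_open, True))
    print("open-then-check, pre-swap:", simulate_race(open_then_check, True))
```

Run directly, the check-then-open routine hands back the protected file's contents while the open-then-check routine returns the harmless file or fails closed with an ELOOP OSError. The Windows analogue is the same discipline: open the handle first and validate what the handle refers to (for example via GetFinalPathNameByHandle) rather than re-resolving the path, and treat reparse points explicitly instead of letting a second name lookup follow them.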

“There’s a new Windows 0day LPE that has been disclosed called BlueHammer [github.com]. The reporter suggests [deadeclipse666.blogspot.com] that it’s being disclosed due to how MSRC operates these days,” Dormann wrote on Mastodon. “MSRC used to be quite excellent to work with.
But to save money Microsoft fired the skilled people, leaving flowchart followers.
I wouldn’t be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that’s apparently an MSRC requirement now.”

Even though BlueHammer requires local access, it still poses a serious risk: attackers can obtain that initial foothold through social engineering, stolen credentials, or by exploiting other vulnerabilities, and then use BlueHammer to escalate to SYSTEM.


Pierluigi Paganini

(SecurityAffairs – hacking, BlueHammer)




Source: https://securityaffairs.com/190400/breaking-news/experts-published-unpatched-windows-zero-day-bluehammer.html