U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Defender vulnerability (CVE-2026-33825) to its Known Exploited Vulnerabilities catalog. The flaw can be used for privilege escalation; Microsoft fixed it in the April security updates. Researchers found attackers exploiting this flaw together with other zero-days (BlueHammer, RedSun, UnDefend). CISA requires federal agencies to fix it by May 6.

2026-4-23 09:23:55 Author: securityaffairs.com (view original) Views: 21

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog.

CVE-2026-33825 is a Microsoft Defender flaw that can be exploited to achieve privilege escalation. Microsoft fixed it with the release of Patch Tuesday security updates for April 2026.

Last week, Huntress researchers reported that attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems, including CVE-2026-33825 (aka BlueHammer). The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the disclosure.

Chaotic Eclipse also published proof-of-concept code for the unpatched Windows bug.

BlueHammer and RedSun let attackers escalate privileges locally in Microsoft Defender. UnDefend instead triggers a denial-of-service, blocking security definition updates and weakening protection.

At this time, Microsoft has only fixed the flaw CVE-2026-33825; the other two remain unpatched.

Huntress researchers reported attackers are exploiting the three Windows flaws to target systems, though the victims and attackers remain unknown.

Huntress said it saw real-world exploitation of all three flaws. Attackers used BlueHammer starting April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

Researchers believe attackers are using public exploit code released online by Chaotic Eclipse.

When exploit code becomes publicly available, threat actors can quickly weaponize it in attacks in the wild.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by May 6, 2026.
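The recommendation above is to review the KEV catalog and act before the due date. The following is an added example, not code from Security Affairs or from CISA: it parses a KEV feed in the same JSON shape CISA publishes (a `vulnerabilities` array whose entries carry `cveID`, `vendorProject`, `product`, `dateAdded`, `requiredAction` and `dueDate`), matches it against a list of CVEs an organization tracks, and reports how many days remain until each due date. The feed content is a constructed sample: the due date and CVE come from the article, the `dateAdded` value is assumed to equal the article date, the vulnerability name and description are constructed, and the second entry is a placeholder.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# dueDate for CVE-2026-33825 is from the article; dateAdded is an assumption;
# vulnerabilityName/shortDescription are constructed; the second entry is a placeholder.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "vulnerabilities": [
    {
      "cveID": "CVE-2026-33825",
      "vendorProject": "Microsoft",
      "product": "Defender",
      "vulnerabilityName": "Microsoft Defender Privilege Escalation Vulnerability (constructed)",
      "dateAdded": "2026-04-23",
      "shortDescription": "Constructed description: local privilege escalation in Microsoft Defender.",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "dueDate": "2026-05-06"
    },
    {
      "cveID": "CVE-0000-00001",
      "vendorProject": "PLACEHOLDER-VENDOR",
      "product": "PLACEHOLDER-PRODUCT",
      "vulnerabilityName": "Placeholder entry",
      "dateAdded": "2026-01-01",
      "shortDescription": "Placeholder entry used only to show sorting.",
      "requiredAction": "Apply updates per vendor instructions.",
      "dueDate": "2026-01-22"
    }
  ]
}
"""


def load_kev(feed_text):
    """Parse a KEV feed and index its entries by CVE id."""
    data = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in data["vulnerabilities"]}


def kev_exposure(kev, inventory_cves, today):
    """Return, for every inventory CVE present in KEV, the remediation deadline status.

    days_left is negative once the due date has passed; results are sorted so the
    most urgent (or most overdue) item comes first.
    """
    report = []
    for cve in inventory_cves:
        entry = kev.get(cve)
        if entry is None:
            continue  # not in the catalog: no BOD 22-01 deadline applies
        due = date.fromisoformat(entry["dueDate"])
        report.append({
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "date_added": entry["dateAdded"],
            "due": due.isoformat(),
            "days_left": (due - today).days,
            "overdue": due < today,
            "action": entry["requiredAction"],
        })
    report.sort(key=lambda item: item["days_left"])
    return report


if __name__ == "__main__":
    # Hypothetical inventory: CVEs an organization has identified in its estate.
    inventory = ["CVE-2026-33825", "CVE-2026-99999", "CVE-0000-00001"]
    catalog = load_kev(SAMPLE_KEV_JSON)
    for item in kev_exposure(catalog, inventory, date(2026, 4, 23)):
        status = "OVERDUE" if item["overdue"] else f'{item["days_left"]} day(s) left'
        print(f'{item["cve"]:16} {item["product"]:28} due {item["due"]}  {status}')
```

To run this against the live catalog, replace `SAMPLE_KEV_JSON` with the body of an HTTPS fetch of the feed URL above; the parsing and reporting logic is unchanged because the sample uses the feed's field names.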

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)
Source: https://securityaffairs.com/191164/hacking/u-s-cisa-adds-a-flaw-in-microsoft-defender-to-its-known-exploited-vulnerabilities-catalog.html
For copyright concerns, contact: admin#unsafe.sh