New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges

Source: BleepingComputer

Author: Lawrence Abrams

URL: https://www.bleepingcomputer.com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/

ONE SENTENCE SUMMARY:

Researcher Chaotic Eclipse released a RedSun proof-of-concept exploiting a second Microsoft Defender zero-day, framed as a protest against Microsoft's handling of researchers; the two disclosures came within roughly a two-week period.

MAIN POINTS:

  1. Chaotic Eclipse publicly released exploit code as a proof-of-concept.
  2. RedSun is described as a Microsoft Defender zero-day vulnerability.
  3. This marks the second Microsoft Defender zero-day PoC released by the researcher.
  4. The two disclosures occurred within roughly a two-week period.
  5. Publication was framed as a protest against Microsoft’s handling of researchers.
  6. The action highlights tension around vulnerability disclosure and vendor communication.
  7. A working PoC can accelerate real-world exploitation attempts by others.
  8. Defender’s widespread deployment increases potential exposure if unmitigated.
  9. Public discussion may pressure faster remediation and clearer disclosure practices.
  10. Organizations should track vendor updates related to the cited “RedSun” issue.

TAKEAWAYS:

  1. Proof-of-concept releases can rapidly change the threat landscape, even without full weaponization.
  2. Repeated zero-day disclosures suggest escalating frustration with the vendor-researcher process.
  3. Security teams should prioritize monitoring for patches and mitigations tied to RedSun.
  4. Public protest disclosures underscore the importance of transparent, timely researcher engagement.
  5. Treat published PoCs for ubiquitous security products as high-signal indicators for defensive action.