Microsoft April 2026 Patch Tuesday: “BlueHammer” Zero-Day Exploited in the Wild, 167 Vulnerabilities Patched

Summary

Microsoft’s April 2026 Patch Tuesday is one of the largest in recent memory, addressing 167 vulnerabilities — including eight rated critical and at least two confirmed zero-days. The headline flaw is CVE-2026-33825, a Microsoft Defender elevation-of-privilege vulnerability dubbed “BlueHammer” (CVSS 7.8), which has been actively exploited since at least April 10.

BlueHammer was publicly disclosed on April 3 by a researcher known as “Chaotic Eclipse,” who released proof-of-concept exploit code out of frustration with Microsoft’s disclosure process. The exploit chains a race condition with flaws in Defender’s update process, the Volume Shadow Copy Service, Cloud Files callbacks, and opportunistic locks to escalate a low-privilege user to SYSTEM. Two sibling Defender zero-days — “RedSun” and “UnDefend” — remain unpatched and are also being actively exploited in the wild.

Other critical fixes include CVE-2026-33824 (Windows IKE Service RCE, CVSS 9.8), CVE-2026-33827 (Windows TCP/IP RCE, CVSS 8.1), CVE-2026-32157 (Remote Desktop Client RCE, CVSS 8.8), and CVE-2026-33826 (Active Directory RCE, CVSS 8.0). A SharePoint Server spoofing zero-day (CVE-2026-32201, CVSS 6.5) was also confirmed under active exploitation.

Source

Krebs on Security — Patch Tuesday April 2026 Edition
The Hacker News — Three Microsoft Defender Zero-Days
Bleeping Computer — Microsoft April 2026 Patch Tuesday

Commentary

The BlueHammer saga is a textbook example of what happens when vulnerability disclosure breaks down. A frustrated researcher drops a working exploit, attackers pounce within a week, and the vendor is left patching under fire. The fact that two related Defender zero-days (RedSun and UnDefend) are still unpatched as of this writing makes this even more urgent — the tool that’s supposed to protect your endpoints can itself be weaponized or silenced entirely.

With 167 vulnerabilities and multiple CVSS 9.8 flaws in the mix, this is an all-hands-on-deck patching cycle. If your organization runs Windows (so, everyone), BlueHammer should be at the top of your priority list. And keep a close eye on RedSun and UnDefend — until Microsoft ships fixes for those, your Defender installations have a target painted on them.
