A disgruntled researcher using the handle Chaotic Eclipse has made the April 2026 Patch Tuesday cycle the most awkward one Microsoft has faced in years. First came BlueHammer, a fully working local privilege escalation against Microsoft Defender that Microsoft quietly patched on April 14 as CVE-2026-33825 (CVSS 7.8) while publicly crediting two different researchers. Twenty-four hours later, the same author dropped RedSun, a second Defender privilege-escalation exploit that still works against fully patched Windows 10, Windows 11, and Windows Server 2019+ as of this writing. Both target Microsoft Defender Antivirus, the real-time antimalware engine built into every supported version of Windows and the foundation of Microsoft Defender for Endpoint. This is not a theoretical or contested story, and the technical chain is exactly the kind of abuse-the-security-product-as-a-write-primitive bug that James Forshaw of Google Project Zero has been demonstrating against Windows for a decade. The uncomfortable part, for defenders, is that the vulnerabilities matter less than what they reveal about the product everyone assumed was quietly getting better.

Enterprise security teams have spent the last five years being told that Microsoft Defender is now a legitimate first-tier control. Gartner has named Microsoft a Leader in its Magic Quadrant for Endpoint Protection Platforms for six consecutive years, most recently in July 2025. Forrester named Microsoft a Leader in its Q2 2024 Wave for Extended Detection and Response. AV-TEST hands the product "Top Product" certifications in nearly every bi-monthly cycle. Independent ransomware telemetry and real-world CVE patterns tell a messier story, and the RedSun incident is a useful entry point into why the assumption that Defender is good enough (because it is on, because it is updated, because Gartner likes it) has become a risky default.

What RedSun and BlueHammer Actually Do

The mechanics matter because they describe a class of problem Microsoft has not fixed structurally. According to Will Dormann, the former CERT/CC analyst now at Tharros (formerly Analygence) who independently validated both exploits, RedSun uses the Windows Cloud Files API to create a file, writes an EICAR test string into it, uses an opportunistic lock to win a race against Defender's volume shadow copy scanning routine, and then swaps a directory junction reparse point underneath the privileged scanner so that the rewrite lands at C:\Windows\System32\TieringEngineService.exe. The next time Windows invokes the Cloud Files Infrastructure service, the attacker-controlled binary runs as SYSTEM. Dormann summarized it bluntly on Mastodon, as quoted by BleepingComputer: "This works 100% reliably to go from unprivileged user to SYSTEM against Windows 11 and Windows Server with April 2026 updates, as well as Windows 10, as long as you have Windows Defender enabled."

BlueHammer, patched in the April 14 cycle, used a related but distinct chain described in detail by Cyderes and by Fortra's Core Security researchers. It abused the Defender signature-update flow, placing an oplock on mpasbase.vdm and using an Object Manager symbolic link plus a junction to redirect the SYSTEM-level write to the SAM and SYSTEM registry hives via Volume Shadow Copy, enabling NTLM hash extraction and local pass-the-hash through SamiChangePasswordUser. On Windows Server the outcome is elevated admin rather than full SYSTEM due to authorization checks, per Dormann's notes, but the impact is still a complete security-boundary break.

The ingredients (oplocks, reparse points, Object Manager symlinks, TOCTOU races against privileged file operations) are not novel. Forshaw's symbolic-link testing tools have been publicly available since 2015. What is novel is that Microsoft Defender itself has become a reliable privilege-escalation primitive on every supported Windows build, and that a single researcher with a grudge can publish two working exploits in the same week.

The Disclosure Breakdown Behind the Leak

The story of why these dropped as uncoordinated zero-days matters as much as the code. According to the researcher's own PGP-signed blog post on deadeclipse666.blogspot.com, Microsoft's response team told them "personally… that they will ruin my life and they did. They mopped the floor with me and pulled every childish game they could." Dormann's public speculation, reported by BleepingComputer, is that MSRC closed Chaotic Eclipse's original case after the researcher refused to submit a required exploit video, a procedural step Dormann dismissed as the work of "flowchart followers" after Microsoft "fired the skilled people."

Microsoft's official CVE-2026-33825 advisory credits Zen Dodd and Yuanpei XU, not Chaotic Eclipse, consistent with the claim that MSRC dismissed the original report and only fixed the bug once other researchers filed through proper channels. That credit mismatch is the trigger event. Chaotic Eclipse has since promised, publicly, "I will personally make sure that it gets funnier every single time Microsoft releases a patch," and a third tool named UnDefend (a Defender denial-of-service) sits in their GitHub account alongside RedSun and BlueHammer.

This pattern is not isolated. In June 2024, researcher m3rcer at AlteredSecurity published a Defender tamper-protection bypass after MSRC closed their January 2024 report as "unable to reproduce." Microsoft then silently patched the issue in April 2024 without assigning a CVE or awarding a bounty. Tenable's CEO Amit Yoran wrote in an August 2023 LinkedIn post that Microsoft's response to a critical Azure cross-tenant flaw he had reported was "grossly irresponsible, if not blatantly negligent," with a partial fix landing 98 days after disclosure and a full fix delayed to 182 days. "What you hear from Microsoft is 'just trust us,'" Yoran wrote, "but what you get back is very little transparency and a culture of toxic obfuscation." When researchers at the caliber of Yoran and Dormann publicly align with a pseudonymous person dropping zero-days out of spite, MSRC has a credibility problem, not an isolated incident.

A Pattern of Defender Vulnerabilities, Not a One-Off

Reading RedSun as unlucky ignores five years of CVE history. CVE-2021-1647, a remote code execution bug in the Microsoft Malware Protection Engine itself, was listed in CISA's Known Exploited Vulnerabilities catalog and appeared in Patch Tuesday on January 12, 2021, during the SolarWinds follow-on activity. The vulnerability triggered automatically when Defender scanned a crafted file, which is the worst possible exploitation shape for a default-on antivirus running as SYSTEM. CVE-2021-24092, published the following month, was a local privilege escalation in Defender that researchers at SentinelOne found had been exploitable for roughly twelve years before anyone noticed.

The SmartScreen component has a particularly troubled record. CVE-2023-36025 (CVSS 8.8), patched in November 2023, allowed attackers to bypass Mark-of-the-Web prompts using crafted internet-shortcut files and was added to the CISA KEV catalog the same day. Trend Micro documented its use in the Phemedrone Stealer campaign, and BleepingComputer traced additional exploitation through DarkGate, Remcos, NetSupport, and the Mispadu banking trojan. Just three months later, CVE-2024-21412 broke the same mechanism again: Zero Day Initiative researchers watched the Water Hydra APT exploit it against financial traders to drop DarkMe in December 2023 before Microsoft patched on February 13, 2024, with DarkGate operators layering in Google DoubleClick open redirects for delivery. CVE-2024-21351, patched the same month, was yet another SmartScreen bypass. The cadence shows that Microsoft fixes SmartScreen bypasses reactively, each patch creating a new attack surface rather than hardening the underlying Mark-of-the-Web trust model.

Two 2024 kernel-driver zero-days illustrate how this interacts with ransomware. CVE-2024-21338, an elevation-of-privilege flaw in appid.sys (the AppLocker driver), was exploited by North Korea's Lazarus Group to load their FUDModule rootkit, per BleepingComputer. CVE-2024-38193, a second Lazarus zero-day in afd.sys, was specifically used to disable CrowdStrike Falcon, Windows Defender, AhnLab V3, and HitmanPro. Microsoft shipped the patches, but the fact that a nation-state actor was weaponizing Microsoft's own signed drivers to disable Microsoft's own security product is not a success story for any party involved.

How Defender Actually Fares Against Ransomware

Lab certifications are not the battlefield. The commercial ransomware crews of 2023 through 2026, LockBit, BlackCat/ALPHV, Clop, Akira, Play, Black Basta, Medusa, Qilin, Scattered Spider, and the RansomHub collective that rose out of the ALPHV collapse, have treated Defender as a component to be disabled rather than evaded. Sophos X-Ops documented in August 2024 that RansomHub affiliates deploy a purpose-built tool called EDRKillShifter, which loads a legitimate but vulnerable signed driver (Sophos observed RentDrv2 and ThreatFireMonitor in the wild) and uses it to terminate endpoint protection processes from kernel space. Researchers at Hive Security counted, as of March 2026, 54 distinct EDR killer tools collectively abusing 35 signed vulnerable drivers; EDRKillShifter alone has been observed in use by eight ransomware groups.

BleepingComputer has separately reported Akira abusing a CPU-tuning driver to disable Microsoft Defender, BlackByte abusing a legitimate RTCore64 driver, and Scattered Spider using an old Intel driver to bypass endpoint protection during the MGM and Caesars intrusions of 2023. CISA's joint advisory on twelve ransomware gangs, summarized by Lumu in 2025, describes Play ransomware specifically using PowerShell scripts to target and disable Microsoft Defender before encryption. The pattern is consistent. Modern ransomware does not try to outrun Defender's heuristics; it unloads the product.

The human cost is documented. The February 2024 BlackCat/ALPHV attack on Change Healthcare produced a $22 million ransom payment and disrupted US pharmacy operations for weeks. The same month's Ascension Health breach exposed 5.6 million patient records; Senator Ron Wyden cited it in his September 2025 letter to the FTC as evidence that Microsoft's RC4 Kerberos defaults "needlessly expose" customers to Kerberoasting, writing that "Microsoft has become like an arsonist selling firefighting services to their victims." Defender was present in both environments. It did not stop either incident.

What Independent Tests Show, and What They Miss

AV-TEST's consumer scores make Defender look excellent. Across every bi-monthly 2024 cycle, Microsoft Defender Antivirus 4.18 scored 5.5 or 6.0 out of 6 on Protection, Performance, and Usability, comfortably above the Top Product threshold of 17.5 combined points, per av-test.org. That result has held through early 2026. The problem is discriminatory power: Norton, Avast, TotalAV, Bitdefender, and a half-dozen others all score 6/6/6 in the same cycles, so the certification sorts functional from broken rather than good from great.

AV-Comparatives, which uses stricter methodology, tells a more informative story. In its 2024 Summary Report, published January 29, 2025, Microsoft received five "Advanced" awards, the middle tier, and zero "Advanced+" recognitions. ESET HOME Security Essential took Product of the Year 2024 with Advanced+ in all seven tests; Avast, AVG, Bitdefender, and Kaspersky received Top-Rated awards. Microsoft did not. In Real-World Protection and Malware Protection tests, Microsoft consistently ranked mid-field, with higher false-positive rates than Bitdefender, ESET, and Kaspersky.

The MITRE Engenuity ATT&CK Evaluations are where Microsoft's marketing is strongest. Microsoft claimed 100% technique visibility and 100% protection coverage in Round 5 (Turla/Snake, 2023) and 100% detection across Linux and macOS in Round 6 (published December 11, 2024, covering DPRK macOS scenarios plus LockBit and Cl0p ransomware). Both claims are technically accurate against Microsoft's chosen metric definitions, but Forrester analyst Allie Mellen has noted that MITRE evaluations can be gamed by setting detection sensitivity unrealistically high and using configurations "not representative of production environments." In Round 5, eSecurityPlanet reported that Palo Alto Networks detected all 143 substeps and stopped all 13 protection evaluations on the first step, while Microsoft, CrowdStrike, and Cybereason each "missed a small number of the protection steps before stopping the threat." Microsoft is competitive. It is not uniquely dominant.

The Structural Problems Behind the CVEs

Several deeper issues show up repeatedly across the data. The first is monoculture. Microsoft Defender is installed and active by default on the overwhelming majority of Windows endpoints, and IDC ranks Microsoft Defender for Endpoint number one in global endpoint security market share with approximately 40.2% in 2024, more than double CrowdStrike's 14.2% per MSSP Alert. Dan Geer and Bruce Schneier warned about exactly this concentration risk in their 2003 essay "CyberInsecurity: The Cost of Monopoly": a single vulnerability class in Defender compromises more endpoints, faster, than a bug in any competing product. RedSun's "100 percent reliable" exploitability across every supported Windows build is the textbook realization of that warning.

The second issue is what Alex Stamos, formerly CISO at Facebook and Yahoo, called Microsoft's "dangerous addiction to security revenue" in a January 2024 LinkedIn post written after the Midnight Blizzard disclosure. Stamos argued that Microsoft has "seriously warped their product design decisions" by holding back "completely necessary functionality for the most expensive license packs," comparing it to "car companies charging for seat belts or airplane manufacturers charging for properly tightened bolts." The premium-tier licensing of advanced logging, only loosened after the Storm-0558 breach forced the issue, is the clearest example. When a product is simultaneously bundled free, up-sold as a premium service, and foundational to customer security, the incentive to harden the bundled tier weakens.

The third issue is Microsoft's dual role as both operating-system vendor and security vendor. The US Cyber Safety Review Board's March 2024 report on the summer 2023 Exchange Online intrusion, published by CISA, did not hedge: "This intrusion should never have happened. Storm-0558 was able to succeed because of a cascade of security failures at Microsoft." The report concluded that "Microsoft's security culture was inadequate and requires an overhaul" and criticized "a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company's centrality in the technology ecosystem." Microsoft did not detect the compromise itself; the State Department did, via its "Big Yellow Taxi" logging rule. Microsoft has acknowledged, per the CSRB, that it still does not know how Storm-0558 obtained the 2016 MSA consumer signing key used in the attack. CrowdStrike's Adam Meyers has noted that Midnight Blizzard was Microsoft's fourth major breach since SolarWinds in 2020, following Lapsus$ in 2022 and Storm-0558 in 2023.

The fourth issue is portfolio complexity. A security buyer considering Microsoft's stack must reason across Defender Antivirus, Defender for Endpoint Plans 1 and 2, Defender for Business, Defender XDR (formerly Microsoft 365 Defender), Defender for Cloud, Defender for Cloud Apps, Defender for Identity, Defender for Office 365, and Microsoft Sentinel. The naming collisions between Defender XDR and Defender for Endpoint, and between Sentinel and the Defender portal, which Microsoft forcibly merged in July 2025 for newly onboarded workspaces, are regularly cited by managed service providers as sources of customer confusion and misconfiguration. Gaps between these products become attacker opportunities.

The Secure Future Initiative and What It Has Not Yet Fixed

Microsoft launched its Secure Future Initiative in November 2023 and expanded it materially after the CSRB report, committing in May 2024 to three principles: secure by design, secure by default, and secure operations. The November 10, 2025 progress report is not empty. Microsoft reports 35,000 engineers assigned to SFI work, 99.6% of employees on phishing-resistant MFA, 98% of cloud assets migrated from the older ASM to ARM control plane, and executive compensation tied to SFI objectives. Five of 28 objectives are near completion; twelve show significant progress. These are real improvements.

They have not yet shown up as structural changes in Defender's bug shape. RedSun in April 2026 uses the same class of primitive, a privileged file operation redirected by an attacker-controlled reparse point, that James Forshaw documented publicly in 2015. Wyden's September 2025 FTC letter notes that Microsoft promised to disable RC4 Kerberos in response to Kerberoasting-driven ransomware attacks and still had not shipped the change eleven months later. The SFI scoreboard and the vulnerability scoreboard are measuring different things.

The Honest Counterargument

A fair assessment has to account for the genuine case in Defender's favor. Default-on endpoint protection has materially raised the floor for the hundreds of millions of Windows users who would otherwise run nothing, and Microsoft's 2025 Digital Defense Report's claim of 100 trillion security signals ingested per day, while self-reported, describes a telemetry advantage no competitor can match. The Automatic Attack Disruption feature, generally available since 2022, has demonstrated real value; Microsoft's published case studies describe ransomware disruption in an average of three minutes with greater than 99.99% confidence thresholds, and while those are internal metrics, MITRE's Round 6 protection scenarios independently exercised the capability.

On cost, the comparison is unambiguous. Defender for Endpoint Plan 2 lists at roughly $5.20 per user per month and is bundled into Microsoft 365 E5; Defender for Business sits at about $3 per user per month for organizations under 300 seats. CrowdStrike Falcon Pro runs $99.99 per device per year, and Falcon Enterprise lists at $184.99, per crowdstrike.com. For a mid-market organization already on E5, the incremental endpoint-security cost of layering CrowdStrike or SentinelOne on top is substantial. Forrester's Q2 2024 XDR Wave, which named Microsoft a Leader with highest-possible scores in 15 of 22 criteria including Endpoint Native Detection and Threat Hunting, concluded that "Microsoft is refining the most complete XDR offering in the market today," a claim that reflects real engineering investment, not just bundling.

The defensible position, then, is not that Defender is broken. It is that Defender is a capable baseline that large organizations have been mistaking for a complete control.

What SOC and IT Leaders Should Do Now

RedSun is a SYSTEM-level local privilege escalation, which means it matters primarily after initial access. The practical mitigation picture therefore looks less like "buy a different AV" and more like "stop treating endpoint protection as a single layer." Three things deserve immediate attention in any environment that is standardized on Defender.

First, Attack Surface Reduction rules need to be enforced in block mode, not audit mode, for at least the highest-value controls: blocking credential theft from LSASS (rule GUID 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2), blocking abuse of vulnerable signed drivers (56a863a9-875e-4185-98a7-b882c64b5ce5), and blocking persistence through WMI event subscription. The vulnerable-driver rule alone materially raises the cost of every EDRKillShifter-class BYOVD attack documented since 2023. Palantir's published Defender hardening guidance recommends progressing rules through audit, warn, and block modes with per-rule exclusions, and reports that the ASR block on Office applications creating child processes has the highest real-world disruption value at the cost of highest change-management overhead.
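One way to enforce and then verify those three rules on a host, as an added example that is not code from the article, from Microsoft, or from Palantir's guidance. It uses the Defender PowerShell module's Get-MpPreference and Add-MpPreference cmdlets; the LSASS and vulnerable-driver GUIDs are the ones quoted above, and the WMI event subscription GUID is Microsoft's published identifier for that rule. Assumptions: the script runs in an elevated session, and the device is not Intune- or Group Policy-managed (managed policy takes precedence, in which case set the rules there and keep only the verification half).

```powershell
# Added example: enforce three ASR rules in Block mode and read the effective state back.
# Run elevated. On Intune/GPO-managed devices the managed policy wins; use only the
# verification section there. GUIDs are Microsoft's published rule identifiers.
$Rules = [ordered]@{
    'Block credential stealing from LSASS'               = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
    'Block abuse of exploited vulnerable signed drivers' = '56a863a9-875e-4185-98a7-b882c64b5ce5'
    'Block persistence through WMI event subscription'   = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'
}

# Action codes as reported by Get-MpPreference: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

function Get-AsrRuleState {
    # Returns a hashtable of rule GUID (lowercase) -> action code for every configured rule.
    $pref  = Get-MpPreference
    $state = @{}
    if ($pref.AttackSurfaceReductionRules_Ids) {
        for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
            $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToLower()
            $state[$id] = [int]$pref.AttackSurfaceReductionRules_Actions[$i]
        }
    }
    return $state
}

# 1. Enforce: request Block for each rule. Add-MpPreference updates an existing entry for
#    the same GUID, so this is safe to re-run.
foreach ($name in $Rules.Keys) {
    $id = $Rules[$name]
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id -AttackSurfaceReductionRules_Actions Enabled
    Write-Host "Requested Block for: $name ($id)"
}

# 2. Verify: read the effective configuration and report anything that is not Block.
$state       = Get-AsrRuleState
$notEnforced = @()
foreach ($name in $Rules.Keys) {
    $id    = $Rules[$name].ToLower()
    $code  = if ($state.ContainsKey($id)) { $state[$id] } else { -1 }
    $label = if ($ActionNames.ContainsKey($code)) { $ActionNames[$code] } else { 'Not configured' }
    Write-Host ("{0,-55} {1}" -f $name, $label)
    if ($code -ne 1) { $notEnforced += $name }
}

if ($notEnforced.Count -gt 0) {
    Write-Warning "Rules still not in Block mode (check Intune/GPO precedence): $($notEnforced -join ', ')"
    exit 1
}
Write-Host 'All three rules are enforced in Block mode.'
```

The verification half is the part worth keeping in a scheduled compliance check: a rule that reports Audit or Not configured after enforcement almost always means a managed policy is overriding the local setting, which is itself a finding.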

Second, Windows Defender Application Control or AppLocker should be deployed on any system where user-installed binaries are not an operational requirement. Microsoft's kernel-enforced vulnerable driver block list is on by default in Windows 11 22H2 and later when HVCI or Smart App Control is enabled, but many enterprise estates still run it as opt-in. Because RedSun-class attacks require an attacker-controlled executable to land in System32, allow-listing at the kernel level removes the second half of the chain even where the race condition remains exploitable. Sysmon Event ID 6 (driver load), cross-referenced against the loldrivers.io database, is the detection surface for BYOVD before the kill phase fires.

Third, detection engineering for the Defender-abuse class of attack needs explicit hunting queries, not just default alerting. Useful starting points in Defender XDR Advanced Hunting include watching for reparse point creation where the target path falls inside C:\Windows\System32 or C:\Program Files\Windows Defender, monitoring oplock acquisition patterns that correlate with privileged file writes, and alerting on any modification of TieringEngineService.exe or mpasbase.vdm outside Windows Update windows. Tamper Protection events in the AlertInfo table should be treated as incident-grade signals, and DeviceTvmSecureConfigurationAssessment with ConfigurationId == 'scid-2003' provides coverage visibility.
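The Advanced Hunting starting points above assume Defender XDR telemetry; the following is an added example (not from the article or from Microsoft) of the same three checks run locally on an endpoint, which is also the Sysmon Event ID 6 detection surface for BYOVD mentioned earlier. Assumptions: elevated session; Sysmon is installed with driver-load logging; the vulnerable-driver hash list is a constructed placeholder to be replaced with SHA256 values from loldrivers.io; the maintenance-window times are placeholders; and mpasbase.vdm is looked up in the versioned Definition Updates folder under ProgramData where signature updates are staged on a typical install (assumed layout).

```powershell
# Added example: local hunting for the Defender-abuse indicators discussed above.
# Assumptions: elevated session, Sysmon with driver-load logging (Event ID 6),
# placeholder hash list and patch window, assumed location for mpasbase.vdm.
param(
    [int]$LookbackHours = 24,
    [datetime]$PatchWindowStart = [datetime]'2026-04-14T02:00:00',   # placeholder window
    [datetime]$PatchWindowEnd   = [datetime]'2026-04-14T06:00:00'
)
$Since = (Get-Date).AddHours(-$LookbackHours)

# Constructed placeholders; replace with real SHA256 values from loldrivers.io.
$KnownVulnerableDriverSha256 = @(
    'PLACEHOLDER_SHA256_OF_VULNERABLE_DRIVER_1',
    'PLACEHOLDER_SHA256_OF_VULNERABLE_DRIVER_2'
)

# Files the article names as rewrite targets. mpasbase.vdm is found by search because
# signature updates live in a versioned folder under ProgramData (assumed layout).
$WatchedFiles = @("$env:SystemRoot\System32\TieringEngineService.exe") +
    @(Get-ChildItem "$env:ProgramData\Microsoft\Windows Defender\Definition Updates" -Recurse `
        -Filter 'mpasbase.vdm' -ErrorAction SilentlyContinue | ForEach-Object FullName)
$ReparseRoots = @("$env:SystemRoot\System32", "$env:ProgramFiles\Windows Defender")

function Get-SuspiciousDriverLoads {
    # Sysmon Event ID 6 carries ImageLoaded, Signed and a Hashes field ("SHA256=...,MD5=...").
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 6; StartTime = $Since
    } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $sha256   = [string](($data['Hashes'] -split ',') -match '^SHA256=') -replace '^SHA256=', ''
        $unsigned = $data['Signed'] -ne 'true'
        $known    = $KnownVulnerableDriverSha256 -contains $sha256
        if ($unsigned -or $known) {
            $reason = if ($unsigned) { 'Unsigned driver load' } else { 'Known vulnerable driver hash' }
            [pscustomobject]@{ Time = $e.TimeCreated; Driver = $data['ImageLoaded']; SHA256 = $sha256; Reason = $reason }
        }
    }
}

function Get-UnexpectedReparsePoints {
    # A junction or symlink created recently inside these roots is rare; review every hit,
    # especially one whose target lies outside the root it sits in.
    foreach ($root in $ReparseRoots) {
        Get-ChildItem -Path $root -Recurse -Force -Attributes ReparsePoint -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $Since -or $_.LastWriteTime -ge $Since } |
            ForEach-Object {
                [pscustomobject]@{ Path = $_.FullName; LinkType = $_.LinkType; Target = ($_.Target -join ';') }
            }
    }
}

function Get-OutOfWindowModifications {
    # Flag a watched file written recently but outside the declared update window, and any
    # executable whose Authenticode signature no longer validates.
    foreach ($path in $WatchedFiles) {
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        $recent    = $item.LastWriteTime -ge $Since
        $inWindow  = $item.LastWriteTime -ge $PatchWindowStart -and $item.LastWriteTime -le $PatchWindowEnd
        $sigStatus = if ($path -like '*.exe') { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }
        if (($recent -and -not $inWindow) -or ($sigStatus -notin 'Valid', 'n/a')) {
            [pscustomobject]@{
                Path      = $path
                LastWrite = $item.LastWriteTime
                Signature = $sigStatus
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

$findings = @(Get-SuspiciousDriverLoads) + @(Get-UnexpectedReparsePoints) + @(Get-OutOfWindowModifications)
if ($findings.Count -eq 0) { Write-Host "No findings in the last $LookbackHours hours." }
else { $findings | Format-List }
```

The reparse-point and file-modification checks are the local analogue of the hunting queries above and are cheap enough to schedule hourly; the driver-load check only has value if the vulnerable-driver block rule is not yet in Block mode, because once it is, the load attempt is denied and surfaces as a Defender event instead.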

For organizations in regulated industries, high-value targets, or heterogeneous estates (particularly those with significant macOS or Linux footprints, where Microsoft Learn release notes through 2026 document recurring Defender-on-macOS performance degradation and Defender-on-Linux auditd deprecation issues), the calculus for layering a third-party EDR on top of Defender is stronger than it was in 2022. This is not a replacement. It is defense diversity against the monoculture risk that RedSun made concrete. Red Canary's 2025 Threat Detection Report, drawn from nearly 93,000 investigated threats across 308 petabytes of telemetry, argues that identity-based attacks grew roughly four times year over year and that EDR "remains a crucial component to achieving defense in depth," not a stand-alone solution.

The Takeaway That Survives the Patch Cycle

Microsoft will patch RedSun. A future Patch Tuesday will quietly ship a new Microsoft Defender Antimalware Platform build, Microsoft Security Response Center will credit a researcher who is probably not Chaotic Eclipse, and the immediate vulnerability will close. The reasons the bug existed, Defender's SYSTEM-level file operations being coercible by user-controllable reparse points, a vulnerability-reporting process that researchers of Dormann's and Yoran's caliber describe in terms ranging from "flowchart followers" to "blatantly negligent," a ransomware economy that treats endpoint agents as targets rather than obstacles, and a monoculture in which a single bypass compromises forty percent of the enterprise endpoint market, will not close with the patch.

Defender is not bad. It is a reasonable, often underappreciated baseline that has substantively improved since 2018, and ignoring that improvement is analytically lazy. What Defender is not is sufficient, and the gap between "enabled and updating" and "actually resilient" is where the ransomware operators of 2024 through 2026 have been making money. The right posture for a SOC or IT leader reading the April 2026 coverage is neither panic nor complacency. It is to assume that Defender is one control among several that an adversary will systematically try to unload, to invest in the ASR, WDAC, privileged access, and hunting infrastructure that catches the unload attempt, and to stop treating a Gartner Leader badge as an operational assurance. BlueHammer was patched in a day. RedSun has not been patched as of April 17. The structural problem under both will still be there when the next one drops.