RedSun: Chaotic Eclipse releases the next zero-day exploit

A security researcher who works under the pseudonym “Chaotic Eclipse” has published another previously unknown Windows vulnerability, the second within two weeks. This one lies in the antivirus program Microsoft Defender.
Defender becomes a point of attack
The proof-of-concept exploit now presented, titled “RedSun”, allows attackers to gain extensive system privileges on current versions of Windows. It works even on fully patched systems, so this is a classic zero-day vulnerability. Specifically, the problem is a local privilege escalation (LPE).
Windows 10, Windows 11 and Windows Server versions are affected if Microsoft Defender is enabled. According to the description, the exploit takes advantage of unusual behavior of the virus scanner: if Defender detects a potentially malicious file carrying a so-called cloud tag, the program writes this file back to its original location. This behavior can be manipulated to overwrite system files and ultimately obtain SYSTEM privileges.
Security analyst Will Dormann confirmed the exploit’s functionality to the US magazine BleepingComputer. According to him, the attack uses, among other things, the Cloud Files API, a test file for antivirus programs (EICAR) and technical tricks such as so-called oplocks and directory redirections. As a result, a manipulated file is written to a sensitive system directory and then executed with the highest privileges.
AV solutions sometimes fail
Some antivirus solutions detect the exploit because it contains the EICAR test signature. However, detection could be significantly reduced using simple obfuscation techniques. Another security researcher, publishing under the name Kevlar, has released further technical details. Last week, “Chaotic Eclipse” had already published a similar vulnerability under the name “BlueHammer”, which Microsoft has since closed.
The researcher sees both publications as a protest against the company’s handling of external security reports. He makes serious allegations and describes working with the Microsoft Security Response Center as extremely negative. Microsoft rejected the criticism and emphasized that it carefully investigates reported security problems and relies on coordinated disclosure to best protect users.