home.social

#bluehammer — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #bluehammer, aggregated by home.social.

  1. EVERYONE GETS AN LPE

    Windows:
    #BlueHammer (#CVE_2026_33825)
    #RedSun (#CVE_2026_41091)
    #UnDefend (#CVE_2026_45498)
    #WindowsInstaller (#CVE_2026_27910):

    Linux:
    #CopyFail (#CVE_2026_31431)
    #SSHKeysignPwn (#CVE_2026_46333)

    FreeBSD:
    #FatGid (#CVE_2026_45250)
    #ExecveBug (#CVE_2026_7270)

  2. EVERYONE GETS AN LPE

    Windows:
    #BlueHammer (#CVE_2026_33825)
    #RedSun (#CVE_2026_41091)
    #UnDefend (#CVE_2026_45498)
    #WindowsInstaller (#CVE_2026_27910):

    Linux:
    #CopyFail (#CVE_2026_31431)
    #SSHKeysignPwn (#CVE_2026_46333)

    FreeBSD:
    #FatGid (#CVE_2026_45250)
    #ExecveBug (#CVE_2026_7270)

  3. CISA Mandates Patching of Exploited BlueHammer Flaw in Federal Systems

    Don't let your federal systems become an easy target: CISA is mandating the patching of the exploited BlueHammer flaw to prevent malicious cyber actors from gaining a foothold. A high-severity vulnerability in Microsoft Defender can allow low-privileged users to gain SYSTEM permissions - but a patch is available.

    osintsights.com/cisa-mandates-

    #Cve202633825 #Bluehammer #MicrosoftDefender #PatchTuesday #PrivilegeEscalation

  4. #BlueHammer wurde zum 14. April 2026 als Defender Schwachstelle gepatcht. Hier meine Nachlese samt Link auf eine Fortra-Analyse.

    borncity.com/blog/2026/04/16/b

  5. #BlueHammer wurde zum 14. April 2026 als Defender Schwachstelle gepatcht. Hier meine Nachlese samt Link auf eine Fortra-Analyse.

    borncity.com/blog/2026/04/16/b

  6. Pissing off a hacker is never a good idea. The #BlueHammer researcher has dropped another one, abusing Microsoft Defender's dorky behaviour to gain NT Authority privileges.
    github.com/Nightmare-Eclipse/R
    #Security #Microsoft #Windows #RedSun

  7. Pissing off a hacker is never a good idea. The #BlueHammer researcher has dropped another one, abusing Microsoft Defender's dorky behaviour to gain NT Authority privileges.
    github.com/Nightmare-Eclipse/R
    #Security #Microsoft #Windows #RedSun

  8. Fully exploitable Windows Defender vulnerability with full source code public for >8 days no CVE assigned so far (BlueHammer).

    Writeup: hackingpassion.com/bluehammer-

    Full source code: github.com/Nightmare-Eclipse/B

    /cc @bsi Was ist eigentlich der "Prozess" für vollständig öffentliche Lücken zu denen es seit über einer Woche noch nicht einmal eine CVE Nummer gibt?

    Edit: Patch and CVE number CVE-2026-33825 available by now. Took 6 days though.

    #infosec #itsec #Microsoft #WindowsDefender #BlueHammer

  9. Fully exploitable Windows Defender vulnerability with full source code public for >8 days no CVE assigned so far (BlueHammer).

    Writeup: hackingpassion.com/bluehammer-

    Full source code: github.com/Nightmare-Eclipse/B

    /cc @bsi Was ist eigentlich der "Prozess" für vollständig öffentliche Lücken zu denen es seit über einer Woche noch nicht einmal eine CVE Nummer gibt?

    Edit: Patch and CVE number CVE-2026-33825 available by now. Took 6 days though.

    #infosec #itsec #Microsoft #WindowsDefender #BlueHammer

  10. Recently this popped up, #Bluehammer a #Windows exploit that exploits Windows Defender for a local privilege elevation

    From user to system level..

    It triggers a Defender scan and locks that after, so it can access a certain database that is been backed up while Defender scans to gain system level access

    GitHub now gives a warning for the repo it seems:
    github.com/Nightmare-Eclipse/B

    Just be careful

  11. Recently this popped up, #Bluehammer a #Windows exploit that exploits Windows Defender for a local privilege elevation

    From user to system level..

    It triggers a Defender scan and locks that after, so it can access a certain database that is been backed up while Defender scans to gain system level access

    GitHub now gives a warning for the repo it seems:
    github.com/Nightmare-Eclipse/B

    Just be careful

  12. Microsoft Rushes Fixes for 167 Vulnerabilities Amid Zero-Day Exploits

    Microsoft just rolled out urgent Patch Tuesday fixes for a whopping 167 vulnerabilities in Windows and related software, including zero-day exploits in SharePoint Server and Windows Defender. But with threats evolving at breakneck speed, can patches keep up to protect our increasingly software-reliant lives?

    osintsights.com/microsoft-rush

    #PatchTuesday #ZeroDay #Bluehammer #GoogleChrome #AdobeReader

  13. @wdormann Of course Microsoft used their GitHub ownership to remove the repo instead of fixing both problems (the exploit and the video requirement).

  14. @wdormann Of course Microsoft used their GitHub ownership to remove the repo instead of fixing both problems (the exploit and the video requirement).

    #bluehammer #github #censorship #responsibledisclosure

  15. CW: На днях появился BlueHammer — опубликованный прототип уязвимости нулевого дня в Windows-системах. Позволяет повысить права (привелегии) в системе до уровня учётной записи SYSTEM или расширенных админских.
    Уязвимость нулевого дня оказалась опубликована вместе с протипом (примером) использования. Опубликовано человеком (Chaotic Eclipse), которому не удалось сообщить о проблеме через официальные каналы Microsoft, потому что соответствующее подразделение (MSRC) захотело прямо аж видео с подтверждением работоспособности данной уязвимости. Отказываясь иначе вести диалог и принимать информацию к сведению.

    Это тот апофеоз тотальной идиотии, который преобладает в Microsoft последние 10+ лет. Ниже расписано более детально по этой теме.
    Очередное дно пробито, но это не первый раз, а стабильность — это верный признак мастерства.
    Нет такого, что Linux или BSD-системы вдруг стали модными и популярными, это людям приходится уходить с Windows-систем из-за такого качества работы Microsoft.

    #bluehammer #microsoft #windows #cve #lang_ru @Russia

    RE: https://hub.hubzilla.de/item/fadba136-52e4-46e3-9101-5d8c7b0d61fb