Microsoft warns of new Defender zero-days exploited in attacks - BleepingComputer

Microsoft has warned of two new zero-day vulnerabilities in its Microsoft Defender antivirus, named UnDefend and RedSun. Both are elevation-of-privilege flaws, and both have already been exploited by threat actors in targeted attacks. Microsoft disclosed them as part of its regular Patch Tuesday cycle, alongside security updates for these and other vulnerabilities. Because Defender ships with every supported Windows release and is enabled by default, the exposure is broad and affects home users and organisations alike.

An exploited zero-day in an endpoint protection product is a particularly damaging case: the component meant to detect malicious activity becomes the means of escalating it. An elevation-of-privilege bug is rarely the entry point on its own. It requires an attacker who already has code execution as a low-privileged user, for example after a phishing payload or a compromised application, and it then lifts that foothold to SYSTEM. From there the attacker can disable or tamper with security tooling, dump credentials, move laterally, exfiltrate data, or deploy ransomware, so these flaws are best understood as one link in a longer attack chain that follows an initial compromise.

With growing reliance on digital infrastructure and heightened geopolitical tension, the integrity of core security tools matters more than ever. Incidents of this kind carry direct financial costs, erode trust in the software ecosystem, and can ripple through supply chains and into national-security interests. The practical lesson is unchanged: apply Microsoft's Defender platform and engine updates promptly, and verify that they have actually landed on every endpoint rather than assuming the automatic channel did its job.
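As an added example (not code from the BleepingComputer article, nor from Microsoft), the PowerShell below reports the Defender platform, engine and signature versions on a host and flags the host when the platform is older than an assumed minimum or its signatures are stale. The `$MinimumPlatform` value is a placeholder assumption: the page does not quote the fixed build, so replace it with the version given in Microsoft's advisory. The host list used in the fleet-wide comment is likewise assumed.

```powershell
# Added example, not code from the BleepingComputer article or from Microsoft.
# Reports Defender platform, engine and signature versions on a host and flags
# hosts whose platform is below an assumed minimum or whose signatures are stale.
function Test-DefenderUpdateState {
    param(
        # ASSUMPTION: placeholder threshold. Replace with the fixed platform
        # version from Microsoft's advisory for UnDefend and RedSun.
        [version]$MinimumPlatform = '4.18.0.0',
        # Signatures older than this many days are reported as stale.
        [int]$MaxSignatureAgeDays = 3
    )

    $status   = Get-MpComputerStatus
    $platform = [version]$status.AMProductVersion
    $sigAge   = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PlatformVersion    = $platform
        EngineVersion      = $status.AMEngineVersion
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = $sigAge
        RealTimeProtection = $status.RealTimeProtectionEnabled
        PlatformUpToDate   = ($platform -ge $MinimumPlatform)
        SignaturesFresh    = ($sigAge -le $MaxSignatureAgeDays)
    }
}

$result = Test-DefenderUpdateState
$result | Format-List

if (-not $result.PlatformUpToDate) {
    Write-Warning "Defender platform $($result.PlatformVersion) is below the assumed minimum. The platform update is delivered through Windows Update, so check that channel rather than only the signature update."
}
if (-not $result.SignaturesFresh) {
    Write-Warning "Signatures are $($result.SignatureAgeDays) days old; run Update-MpSignature."
}

# Fleet-wide use (assumes WinRM is enabled on the targets and hosts.txt lists them):
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Test-DefenderUpdateState} |
#     Where-Object { -not $_.PlatformUpToDate } |
#     Format-Table ComputerName, PlatformVersion, EngineVersion
```

Run it from an elevated prompt on a Windows 10, Windows 11 or Windows Server host with the built-in Defender module. Note the distinction the two warnings draw: `Update-MpSignature` refreshes signatures and the scanning engine, but the Defender platform itself (the version reported as `AMProductVersion`) is updated through Windows Update, so a host that pulls fresh signatures every day can still be running a vulnerable platform build.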