BlueHammer Windows 11 Zero day exploit on patched systems- using Defender vulnerability


PerpetualCycle

PerpetualCycle

Syzygy
Pro User
VIP
Local time
10:06 PM
Posts
12,109
OS
Windows 11 Pro x64
It requires local access that a hacker can gain through phishing or other means, but after that it can gain SYSTEM privileges through a software architecture vulnerability in how Defender works. It can't be patched or detected by regular means since it doesn't rely on a software flaw. It's code was made been available github about a week ago.

www.bleepingcomputer.com

Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.
www.bleepingcomputer.com www.bleepingcomputer.com

www.cyderes.com

BlueHammer: Inside the Windows Zero-Day

Howler Cell outlines the BlueHammer exploit, a Windows zero-day leveraging Defender's update process to escalate privileges, remaining unpatched.
www.cyderes.com www.cyderes.com
 
Last edited:

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Pro x64i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz96GB (2x48) G.skill Ripjaws 6800 MT/sAsus ROG Strix 4070 Ti OC
    OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    📷🔈🎧 🪛 DIY Photoshop/Audio/Game/tinker
    CPU
    i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz
    Motherboard
    Asus ROG Maximus Z790 Dark Hero
    Memory
    🐏 96GB (2x48) G.skill Ripjaws 6800 MT/s
    Graphics Card(s)
    Asus ROG Strix 4070 Ti OC
    Sound Card
    🔊Bowers & Wilkins 606 S3 speakers; Audiolabs 7000a integrated amp; RSL 10S Mk2 sub; Creative Pebble Pro Minimilist
    Monitor(s) Displays
    🖥️🖥️ Eizo CG2730 ColorEdge, ViewSonic VP2768
    Screen Resolution
    🖥️🖥️ 2560 x 1440p x 2
    Hard Drives
    💾 WDC SN850X 4TB nvme, SN850 1TB nvme, SK-Hynix 2 TB P41 nvme,. Sabrent USB-C DS-SC5B 5-bay docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black HDD
    PSU
    ⚡️ 850W Seasonic Vertex PX-850 ATX 3.0/PCI-E 5.0
    Case
    Fractal Design North XL Mesh, Black Walnut
    Cooling
    ❄️ EK Nucleus black 360 AIO w/Phanteks T30-120 fans, 2 Noctua NF-A14 Chromax case fan, 1 T30-120 fan cooling memory
    Keyboard
    ⌨️ Keychron Q3 Max TKL with custom GMK Redsuns Red Samuri keycaps, TX Stabs
    Mouse
    🖱️ Logitech G305 wireless gaming
    Internet Speed
    ⬇️ 500 Mb/s ⬆️ 12 Mb/s
    Browser
    🔥🦊 Firefox
    Antivirus
    🦺 Defender, Macrium Reflect X 🏆
    Other Info
    Phangkey Amaterasu V2 Desk Mat

  • At a glance

    Apple M1
    Computer type
    Laptop
    Manufacturer/Model
    💻 Apple 13" Macbook Pro 2020 (m1)
    CPU
    Apple M1
    Screen Resolution
    2560x1600
    Browser
    Firefox
Where are you getting that it can't be patched?
 

My Computer My Computer

At a glance

Windows 11 Pro 25H212th Gen Core i7-1260P64 GB Micron PC4-25600Intel Iris Xe Graphics
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
Intel NUC12WSHi7
CPU
12th Gen Core i7-1260P
Motherboard
NUC12WSBi7
Memory
64 GB Micron PC4-25600
Graphics Card(s)
Intel Iris Xe Graphics
Sound Card
on-board Realtek HD Audio
Monitor(s) Displays
Dell U3219Q
Screen Resolution
3840 x 2160
Hard Drives
Samsung SSD 990 PRO 1TB
Crucial MX500 2 TB
Antivirus
Microsoft Defender
pseymour said:
Where are you getting that it can't be patched?
Click to expand...

I did not say that. I said it cannot be patched by regular means as it is the way that Defender and the system shadow copy interact when running a scan. Not just a code patch but also a key part of the way that defender works.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Pro x64i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz96GB (2x48) G.skill Ripjaws 6800 MT/sAsus ROG Strix 4070 Ti OC
    OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    📷🔈🎧 🪛 DIY Photoshop/Audio/Game/tinker
    CPU
    i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz
    Motherboard
    Asus ROG Maximus Z790 Dark Hero
    Memory
    🐏 96GB (2x48) G.skill Ripjaws 6800 MT/s
    Graphics Card(s)
    Asus ROG Strix 4070 Ti OC
    Sound Card
    🔊Bowers & Wilkins 606 S3 speakers; Audiolabs 7000a integrated amp; RSL 10S Mk2 sub; Creative Pebble Pro Minimilist
    Monitor(s) Displays
    🖥️🖥️ Eizo CG2730 ColorEdge, ViewSonic VP2768
    Screen Resolution
    🖥️🖥️ 2560 x 1440p x 2
    Hard Drives
    💾 WDC SN850X 4TB nvme, SN850 1TB nvme, SK-Hynix 2 TB P41 nvme,. Sabrent USB-C DS-SC5B 5-bay docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black HDD
    PSU
    ⚡️ 850W Seasonic Vertex PX-850 ATX 3.0/PCI-E 5.0
    Case
    Fractal Design North XL Mesh, Black Walnut
    Cooling
    ❄️ EK Nucleus black 360 AIO w/Phanteks T30-120 fans, 2 Noctua NF-A14 Chromax case fan, 1 T30-120 fan cooling memory
    Keyboard
    ⌨️ Keychron Q3 Max TKL with custom GMK Redsuns Red Samuri keycaps, TX Stabs
    Mouse
    🖱️ Logitech G305 wireless gaming
    Internet Speed
    ⬇️ 500 Mb/s ⬆️ 12 Mb/s
    Browser
    🔥🦊 Firefox
    Antivirus
    🦺 Defender, Macrium Reflect X 🏆
    Other Info
    Phangkey Amaterasu V2 Desk Mat

  • At a glance

    Apple M1
    Computer type
    Laptop
    Manufacturer/Model
    💻 Apple 13" Macbook Pro 2020 (m1)
    CPU
    Apple M1
    Screen Resolution
    2560x1600
    Browser
    Firefox
PerpetualCycle said:
I did not say that. I said it cannot be patched by regular means as it is the way that Defender and the system shadow copy interact when running a scan. Not just a code patch but also a key part of the way that defender works.
Click to expand...
Yeah I skipped over the "by regular means" because it's one of those phrases that sounds like it means something but doesn't.
 

My Computer My Computer

At a glance

Windows 11 Pro 25H212th Gen Core i7-1260P64 GB Micron PC4-25600Intel Iris Xe Graphics
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
Intel NUC12WSHi7
CPU
12th Gen Core i7-1260P
Motherboard
NUC12WSBi7
Memory
64 GB Micron PC4-25600
Graphics Card(s)
Intel Iris Xe Graphics
Sound Card
on-board Realtek HD Audio
Monitor(s) Displays
Dell U3219Q
Screen Resolution
3840 x 2160
Hard Drives
Samsung SSD 990 PRO 1TB
Crucial MX500 2 TB
Antivirus
Microsoft Defender
pseymour said:
Yeah I skipped over the "by regular means" because it's one of those phrases that sounds like it means something but doesn't.
Click to expand...
...OK 🤷‍♂️
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Pro x64i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz96GB (2x48) G.skill Ripjaws 6800 MT/sAsus ROG Strix 4070 Ti OC
    OS
    Windows 11 Pro x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    📷🔈🎧 🪛 DIY Photoshop/Audio/Game/tinker
    CPU
    i9 14900K P/E 5.8/4.5 GHz, cache 5.0 GHz
    Motherboard
    Asus ROG Maximus Z790 Dark Hero
    Memory
    🐏 96GB (2x48) G.skill Ripjaws 6800 MT/s
    Graphics Card(s)
    Asus ROG Strix 4070 Ti OC
    Sound Card
    🔊Bowers & Wilkins 606 S3 speakers; Audiolabs 7000a integrated amp; RSL 10S Mk2 sub; Creative Pebble Pro Minimilist
    Monitor(s) Displays
    🖥️🖥️ Eizo CG2730 ColorEdge, ViewSonic VP2768
    Screen Resolution
    🖥️🖥️ 2560 x 1440p x 2
    Hard Drives
    💾 WDC SN850X 4TB nvme, SN850 1TB nvme, SK-Hynix 2 TB P41 nvme,. Sabrent USB-C DS-SC5B 5-bay docking station: 6TB WDC Black, 6TB Ironwolf Pro; 2x 2TB WDC Black HDD
    PSU
    ⚡️ 850W Seasonic Vertex PX-850 ATX 3.0/PCI-E 5.0
    Case
    Fractal Design North XL Mesh, Black Walnut
    Cooling
    ❄️ EK Nucleus black 360 AIO w/Phanteks T30-120 fans, 2 Noctua NF-A14 Chromax case fan, 1 T30-120 fan cooling memory
    Keyboard
    ⌨️ Keychron Q3 Max TKL with custom GMK Redsuns Red Samuri keycaps, TX Stabs
    Mouse
    🖱️ Logitech G305 wireless gaming
    Internet Speed
    ⬇️ 500 Mb/s ⬆️ 12 Mb/s
    Browser
    🔥🦊 Firefox
    Antivirus
    🦺 Defender, Macrium Reflect X 🏆
    Other Info
    Phangkey Amaterasu V2 Desk Mat

  • At a glance

    Apple M1
    Computer type
    Laptop
    Manufacturer/Model
    💻 Apple 13" Macbook Pro 2020 (m1)
    CPU
    Apple M1
    Screen Resolution
    2560x1600
    Browser
    Firefox
Addressed in Antimalware Platform update 4.18.26030.3011 (April 13).
 

My Computer My Computer

At a glance

Windows 11 Pro 25H212th Gen Core i7-1260P64 GB Micron PC4-25600Intel Iris Xe Graphics
OS
Windows 11 Pro 25H2
Computer type
PC/Desktop
Manufacturer/Model
Intel NUC12WSHi7
CPU
12th Gen Core i7-1260P
Motherboard
NUC12WSBi7
Memory
64 GB Micron PC4-25600
Graphics Card(s)
Intel Iris Xe Graphics
Sound Card
on-board Realtek HD Audio
Monitor(s) Displays
Dell U3219Q
Screen Resolution
3840 x 2160
Hard Drives
Samsung SSD 990 PRO 1TB
Crucial MX500 2 TB
Antivirus
Microsoft Defender
You must log in or register to reply here.

Similar threads

Solved Update Chrome ASAP - attackers are already exploiting this nasty zero-day flaw
Replies
0
Views
787
Borg 386
Borg 386
  • Article Article
Update your Chrome to fix new actively exploited zero-day vulnerability
Replies
2
Views
3K
antspants
antspants
  • Article Article
Zero-day affecting Windows 10, Windows 11, and Windows Server lets anyone gain administrator privileges
Replies
4
Views
2K
Bree
Bree

Latest Support Threads

Latest Tutorials

Back
Top Bottom