According to a cybersecurity firm, during the past two weeks, a dissatisfied security researcher’s Windows vulnerabilities have been used by hackers to gain access to at least one organization.
In a series of posts on X on Friday, cybersecurity firm Huntress revealed that its researchers have observed hackers exploiting three Windows security vulnerabilities known as BlueHammer, UnDefend, and RedSun.
Both the hackers and the attack’s target are unknown.
Out of the three exploited vulnerabilities, only BlueHammer has been patched by Microsoft thus far.Earlier this week, a BlueHammer patch was released.
The hackers seem to be utilizing exploit code that the security researcher posted online to take advantage of the vulnerabilities.
A researcher going by the name Chaotic Eclipse posted what they claimed to be code to take advantage of an unpatched Windows vulnerability on their blog earlier this month. The researcher hinted that sharing the code was motivated by a disagreement with Microsoft.
They wrote, “I was not bluffing Microsoft, and I am doing it again.They went on to say, “Huge thanks to MSRC leadership for making this happen,” referring to Microsoft’s Security Response Center, the organization’s team that looks into cyberattacks and responds to vulnerability reports.
UnDefend was released by Chaotic Eclipse a few days later, while RedSun was released earlier this week.On their GitHub page, the researcher posted code to take advantage of all three flaws.
A hacker can obtain administrator or highlevel access to a compromised Windows PC thanks to all three flaws in Microsoft’s antivirus program, Windows Defender.
Chaotic Eclipse was not reachable by TechCunch for comment.
Microsoft supports “coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community,” according to a statement released in response to a series of specific questions.
This is an example of “full disclosure,” as used in the cybersecurity sector.When a bug is discovered, researchers can notify the affected software developer so they can address it. At that stage, if the vulnerability is real, the organization typically attempts to repair it after acknowledging receipt. A timeline that specifies when the researcher can publicly present their findings is frequently agreed upon by the company and researchers.
Sometimes, for a variety of reasons, that communication fails, and researchers reveal the bug’s specifics to the public.Sometimes researchers go so far as to publish “proof-of concept” code that can exploit a defect in order to demonstrate its presence or seriousness.
Cybersecurity defenders have to act quickly to handle the aftermath since cybercriminals, government hackers, and others can then utilize the code for their assaults.
With things being so readily available now, and already weaponized for easy usage, for better or worse, I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals,” Huntress researcher John Hammond, who has been following the issue, told TechCrunch.
These kinds of situations put us in a race with our opponents; defenders work feverishly to guard against malicious actors that quickly exploit these vulnerabilities, particularly given that they are just ready-made attacker tools,” stated Hammond.
Leave feedback about this