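BROWSER | April 17, 2026
Windows Defender hit by another privilege escalation vulnerability; researcher publishes exploit code
Cyber News: a specialist outlet covering technology security and geopolitical risk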

A vindictive security researcher has publicly dropped a second Windows Defender privilege escalation exploit, less than two weeks after Microsoft scrambled to plug the first one. The vigilante is threatening to start releasing even more dangerous remote code execution exploits because Microsoft “mopped the floor with me.”
A rogue researcher, out of frustration, released a second Windows Defender exploit immediately after Microsoft patched the first vulnerability.
The privilege escalation exploit abuses Defender to overwrite system files and gain SYSTEM-level access.
The researcher threatens to release even more severe remote code execution (RCE) exploits.
The same rogue security researcher, going by the alias Nightmare-Eclipse on GitHub, who made headlines for releasing a working Windows Defender exploit as a vengeful act, just dropped another way to skin the cat.
Cybernews reported that the same researcher released the first Windows Defender exploit two weeks ago – simply running FunnyApp.exe was enough to gain SYSTEM privileges.
Microsoft later acknowledged the elevation of privilege vulnerability and patched it this week during Patch Tuesday. This bug, tracked as CVE-2026-33825, received a 7.8 out of 10 severity rating. Interestingly, Microsoft credited other security researchers, Zen Dodd and Yuanpei XU, for disclosing the bug.
New app to gain system privileges
The hacker has now released a similar exploit, named “RedSun.” It claims to achieve the same result – if the proof of concept works, it grants System privileges to unprivileged Windows users.
The exploit once again abuses a Windows Defender bug. However, this time, the hacker also teased Microsoft’s team for flawed logic in their software.
“It's way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behavior to overwrite system files and gain administrative privileges,” the repository reads.
“I think antimalware products are supposed to remove malicious files.”
The researcher also released a screenshot of their code in action – once it has the elevated privileges, it also prints a short poem to the terminal.
More grievances about Microsoft
With the new exploit, the hacker also shared a detailed blog post, threatening Microsoft with more exploits.
“I didn’t want to be evil, but they are actively poking me to start releasing RCEs, which I will be doing at some point… I will personally make sure that it gets funnier every single time Microsoft releases a patch,” the hacker said on the Blogspot platform.
The attacker justifies their action as a response to Microsoft allegedly ruining their life.
“I was told personally by them that they would ruin my life, and they did,” the di