A vindictive security researcher has publicly released a second Windows Defender privilege escalation exploit, less than two weeks after Microsoft rushed out a fix for the first vulnerability. The researcher has threatened that, out of dissatisfaction with Microsoft's response, they will start releasing more dangerous remote code execution (RCE) exploits.
Vulnerability details and exploitation method
The privilege escalation exploit abuses Windows Defender's logic, overwriting system files to gain SYSTEM-level access. The researcher, who goes by the alias “Nightmare-Eclipse” on GitHub, previously drew attention for releasing the first Windows Defender exploit, when simply running a program named FunnyApp.exe was enough to gain system privileges.
Microsoft subsequently acknowledged the vulnerability and released a patch for CVE-2026-33825 during this week's Patch Tuesday, rating its severity 7.8 out of 10. Interestingly, Microsoft credited the discovery of the vulnerability to two other researchers.
A new challenge: the RedSun exploit
The hacker has now released a similar exploit named “RedSun.” The program claims to achieve the same effect, namely granting system privileges to unprivileged users. This exploit once again targets a Windows Defender flaw, and the hacker mocked the Microsoft team's flawed software logic: “It's way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid reason, the antivirus that was supposed to protect the system instead became a backdoor.”
A vindictive security researcher has publicly dropped a second Windows Defender privilege escalation exploit, less than two weeks after Microsoft scrambled to plug the first one. The vigilante is threatening to start releasing even more dangerous remote code execution exploits because Microsoft “mopped the floor with me.”
A rogue researcher, out of frustration, released a second Windows Defender exploit immediately after Microsoft patched the first vulnerability.
The privilege escalation exploit abuses Defender to overwrite system files and gain SYSTEM-level access.
The researcher threatens to release even more severe remote code execution (RCE) exploits.
The same rogue security researcher, going by the alias Nightmare-Eclipse on GitHub, who made headlines for releasing a working Windows Defender exploit as a vengeful act, just dropped another way to skin the cat.
Cybernews reported that the same researcher released the first Windows Defender exploit two weeks ago – simply running FunnyApp.exe was enough to gain SYSTEM privileges.
Microsoft later acknowledged the elevation of privilege vulnerability and patched it this week during Patch Tuesday. This bug, tracked as CVE-2026-33825, received a 7.8 out of 10 severity rating. Interestingly, Microsoft credited other security researchers, Zen Dodd and Yuanpei XU, for disclosing the bug.
New app to gain system privileges
The hacker has now released a similar exploit, named “RedSun.” It claims to achieve the same result – if the proof of concept works, it grants System privileges to unprivileged Windows users.
The exploit once again abuses a Windows Defender bug. However, this time, the hacker also teased Microsoft’s team for flawed logic in their software.
“It's way too funny. When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to its original location. The PoC abuses this behavior to overwrite system files and gain administrative privileges,” the repository reads.
“I think antimalware products are supposed to remove malicious files.”
The researcher also released a screenshot of their code in action – with privileges, it also posts a short poem to the terminal.
More grievances about Microsoft
With the new exploit, the hacker also shared a detailed blog post, threatening Microsoft with more exploits.
“I didn’t want to be evil, but they are actively poking me to start releasing RCEs, which I will be doing at some point… I will personally make sure that it gets funnier every single time Microsoft releases a patch,” the hacker said on the Blogspot platform.
The attacker justifies their action as a response to Microsoft allegedly ruining their life.
“I was told personally by them that they would ruin my life, and they did,” the di