
BlueHammer Vulnerability: Ransomware Groups Exploiting Microsoft Defender Security Flaw

In brief: Ransomware gangs are exploiting the BlueHammer vulnerability in Microsoft Defender for privilege escalation, putting Windows systems at widespread risk.

The US agency CISA confirmed that ransomware groups are actively exploiting a privilege escalation flaw in Microsoft Defender, known as BlueHammer. The vulnerability had previously been used in zero-day attacks.

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Monday the active exploitation of the BlueHammer vulnerability by ransomware groups. The flaw enables privilege escalation in Microsoft Defender and had previously been deployed in zero-day attacks.

For CISOs, confirmation of widespread exploitation by organized threat actors represents an immediate threat to Windows-based infrastructures. Ransomware groups typically use such privilege escalations to perform lateral movement or to hide their malware from security tools — a standard tactical building block of modern extortion attacks.

Delayed remediation or inadequate patching processes for this known vulnerability significantly increase operational risk, particularly in critical infrastructures and for organizations that are high-priority targets for ransomware attacks.


Source: www.bleepingcomputer.com · Published 30 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
