Microsoft ignores vulnerabilities in Windows that a researcher identified – they are now being exploited by hackers
Windows Vulnerability Code Spills into the Wild – Hackers Already Using It
A security researcher known as Chaotic Eclipse recently posted on GitHub the source code for exploiting an unpatched vulnerability in the Windows operating system. He did so after Microsoft failed to respond to his issue report.
What Huntress Found
According to TechCrunch, the Huntress team documented active use of three vulnerabilities:
| Vulnerability | Impact Area |
|---|---|
| BlueHammer | Attacks on Windows Defender |
| UnDefend | Allows elevation to administrator privileges |
| RedSun | Similarly raises privileges |
All three vulnerabilities enable attackers to elevate their permissions to administrator level and take control of the affected computers.
How the Code Appeared
Chaotic Eclipse uploaded an executable script to GitHub, stating:
> “I didn’t bluff Microsoft, and I’m doing it again… Huge thanks to the MSRC leadership for making this possible.”
He was referring to the Microsoft Security Response Center (MSRC), which investigates vulnerability reports.
Microsoft Patches
At present, Microsoft has released a patch only for BlueHammer – the fix appeared this week. The UnDefend and RedSun vulnerabilities remain unpatched, continuing to threaten user system security.
Who’s Behind the Attacks?
It is still unknown who exactly is using the published code or which organizations have become victims. The identities of the hackers and their motives have not been disclosed.
Industry Reaction
- John Hammond (Huntress researcher) emphasized: “Having ready-made tools for attacks turns defense into a draining race with criminals.”
- Ben Hope (Microsoft representative) replied that the company supports coordinated vulnerability disclosure and aims to address issues before they are publicly revealed.
Thus, while one of the vulnerabilities has already been fixed, the other two remain open, and hackers are already using the published code. Users should monitor Microsoft updates and apply patches promptly.