Hackers have exploited three Windows security flaws, dubbed BlueHammer, UnDefend, and RedSun, that were published online by a researcher over the last two weeks. Cybersecurity firm Huntress has confirmed that at least one organization has been breached using these vulnerabilities. The researcher, Chaotic Eclipse, had published code to exploit the bugs on their GitHub page, allowing hackers to gain high-level access to affected Windows computers.
Microsoft has already patched one of the bugs, BlueHammer, but the other two, UnDefend and RedSun, remain unpatched. Chaotic Eclipse published the vulnerabilities after alluding to a conflict with Microsoft's Security Response Center (MSRC) in their blog post. The researcher claimed they were not bluffing Microsoft and hinted at further disclosures.
The cybersecurity industry considers this a case of "full disclosure," in which researchers publicly disclose details of a bug, often as a last resort when communication between the company and the researcher breaks down. John Hammond, a researcher at Huntress, warned that the easily available exploit code could trigger a "tug-of-war" between defenders and cybercriminals.
The breach highlights the risks associated with full disclosure and the potential consequences for organizations and individuals affected by these vulnerabilities. The researcher's decision to publish the code has put cybersecurity professionals in a difficult position as they rush to protect against ill-intentioned actors who are rapidly taking advantage of the exploits.