A critical Windows privilege-escalation vulnerability dubbed 'RedSun' has been disclosed that abuses a flaw in Windows Defender's cloud tag handling. According to the report, when Defender acts on a detected malicious file it writes the file back to its original location instead of removing it, and an attacker can use that write to overwrite system files and gain administrative privileges. The report rates it a severe security bypass affecting Windows 10, Windows 11 and Windows Server systems that have the April 2026 update installed.
Background
Windows Defender is Microsoft's built-in antivirus for Windows; it combines local scanning with cloud-delivered threat intelligence. A privilege-escalation vulnerability lets an attacker who already has low-privilege access obtain higher privileges than they were granted, which is why such flaws are rated as high risk even when they require a foothold on the machine.
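The report describes a remediation that leaves the detected file in place rather than removing it. The page gives no fixed build number or indicator, so the following is a general check added here, not code from the report or from Microsoft: it records the Defender platform, engine and signature versions for comparison against Microsoft's advisory once one is available, then lists detections that Defender reported as successfully remediated but whose file is still present at the original path. The `file:_<path>` prefix used to parse `Get-MpThreatDetection`'s `Resources` strings is an assumption about that cmdlet's output format.

```powershell
# Added example (not from the article): inventory Defender component versions and
# flag detections whose file is still present after a remediation Defender
# reported as successful. Run in an elevated PowerShell session so Test-Path can
# see files under protected system directories.

$status = Get-MpComputerStatus
[pscustomobject]@{
    Platform  = $status.AMProductVersion          # Defender platform (antimalware client)
    Engine    = $status.AMEngineVersion           # scanning engine
    Signature = $status.AntivirusSignatureVersion # security intelligence update
    Service   = $status.AMServiceVersion          # Defender service
} | Format-List

# Map numeric ThreatID to a readable name for the output table.
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

$stillPresent = foreach ($d in Get-MpThreatDetection) {
    # Only remediations Defender itself claims succeeded are interesting here.
    if (-not $d.ActionSuccess) { continue }
    foreach ($res in $d.Resources) {
        # Assumption: file resources are reported as "file:_<full path>".
        if ($res -match '^file:_(.+)$') {
            $path = $Matches[1]
            if (Test-Path -LiteralPath $path) {
                [pscustomobject]@{
                    Threat     = $threatNames[$d.ThreatID]
                    Path       = $path
                    Detected   = $d.InitialDetectionTime
                    Remediated = $d.RemediationTime
                }
            }
        }
    }
}

if ($stillPresent) {
    $stillPresent | Sort-Object Remediated -Descending | Format-Table -AutoSize
} else {
    'No successfully remediated detections are still present at their original path.'
}
```

A hit in this list is not proof of exploitation: a file can also remain after an administrator restores it from quarantine or adds an exclusion, so check the Defender operational log and the file's current owner and timestamps before treating it as an incident. Entries whose path sits under a system directory are the ones that match the overwrite scenario the report describes.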
- Source: hackernews
- Published: Apr 16, 2026 at 11:54 AM
- Score: 9.0 / 10