The Dark Reading piece reports that a PoC exploit for a Windows zero-day, dubbed “BlueHammer,” was published by a researcher using the alias Chaotic Eclipse, with a blog post on 2 April and a companion X post claiming the vulnerability remained unpatched.
According to RH-ISAC, the zero-day combines a time-of-check to time-of-use race condition and path confusion in Windows Defender’s signature update system, enabling a local user to access the SAM database, obtain password hashes, and potentially gain administrator rights via pass-the-hash, giving attackers full system control. Researchers have described the PoC as legitimate, but there is uncertainty about how exploitable it will be in practice, with some noting it works on desktops but not on Windows Server.
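The time-of-check to time-of-use (TOCTOU) class mentioned above is easiest to understand from the defender's side: code that validates a path and then reopens the path by name trusts whatever sits there after the window, whereas code that opens first and verifies the descriptor it actually holds has no such window. The block below is an added, generic illustration of that pattern and its hardened counterpart; it is not code from the article, from the BlueHammer PoC, or from Windows Defender, and the file names, the "protected" contents and the simulated race (a callback that swaps the checked file for a symlink) are all constructed for the demo.

```python
"""Added illustration (not from the article or the BlueHammer PoC): a generic
check-then-use race on a filesystem path, beside the pattern that closes it.
File names, contents and the simulated race are constructed for this demo."""
import os
import stat
import tempfile


def read_after_path_check(path, race=None):
    """VULNERABLE pattern: validate the path, then reopen it by name.
    Anything that changes what `path` points at between the two steps
    (the `race` callback stands in for that) is used unchecked."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing non-regular file")
    if race is not None:
        race()  # the window between check and use
    with open(path, "rb") as f:  # follows whatever is now at `path`
        return f.read()


def read_with_fd_verification(path, race=None):
    """HARDENED pattern: open without following symlinks, then verify the
    descriptor you hold with fstat, so check and use refer to one object."""
    if race is not None:
        race()  # even a swap that lands before the open is caught
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing non-regular file")
        return os.read(fd, 65536)
    finally:
        os.close(fd)


def demo():
    """Run both readers in a constructed directory where a benign file is
    swapped for a symlink to a protected file during the race window."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        benign = os.path.join(d, "update.txt")          # constructed name
        protected = os.path.join(d, "protected.txt")    # constructed name
        with open(benign, "w") as f:
            f.write("harmless")
        with open(protected, "w") as f:
            f.write("SECRET")

        def swap():
            # Simulated race: replace the already-checked file with a
            # symlink pointing at the protected file.
            os.remove(benign)
            os.symlink(protected, benign)

        # The vulnerable reader passes its check, then reads through the symlink.
        results["vulnerable"] = read_after_path_check(benign, race=swap).decode()

        # Reset the benign file and try the hardened reader under the same swap.
        os.remove(benign)
        with open(benign, "w") as f:
            f.write("harmless")
        try:
            read_with_fd_verification(benign, race=swap)
            results["hardened"] = "read succeeded"
        except OSError:  # O_NOFOLLOW refuses the symlink (ELOOP)
            results["hardened"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The hardened reader still needs the privilege boundary to be enforced elsewhere (the descriptor check only proves what was opened, not who should be allowed to open it), which is why the article's mitigations and platform differences matter more than any single code fix.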
The article quotes Dustin Childs of Zero Day Initiative and Will Dormann of Tharros, who suggest mitigations and platform differences may affect reliability, and acknowledge that the author’s notes concede the exploit may have flaws that will be fixed later. Microsoft, according to MSRC statements, emphasises a commitment to coordinated vulnerability disclosure and patching to protect customers.