Security experts have published details of BlueHammer, an unpatched Windows zero-day: a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, according to Bleeping Computer. A disgruntled researcher privately reported the vulnerability to Microsoft but criticised how Microsoft’s Security Response Center (MSRC) managed the disclosure process, and on April 3rd the expert published the BlueHammer exploit on GitHub under the alias Nightmare-Eclipse.
Microsoft hasn’t released a patch, so the flaw remains a zero-day and leaves Windows systems open to potential attacks. Well-known cybersecurity expert Will Dormann confirmed that the BlueHammer exploit works, describing it as a local privilege escalation flaw that combines a TOCTOU (time-of-check to time-of-use) race with path confusion. Exploitation is not easy, but it can let a local attacker read the Security Account Manager (SAM) database, which holds password hashes, enabling escalation to SYSTEM privileges and potential full compromise of the machine.
Dormann also noted the researcher’s comments on MSRC’s handling of the report and suggested the dispute reflects changes in Microsoft’s disclosure process. Even though BlueHammer requires local access, attackers could gain that foothold through social engineering, stolen credentials, or by exploiting other vulnerabilities.