PoC Exploit Released for Microsoft Defender Zero-Day Flaw
A proof-of-concept (PoC) exploit was released for a zero-day vulnerability in Microsoft Defender, identified as CVE-2026-33825, after Microsoft’s Security Response Center (MSRC) repeatedly dismissed the reported issue.
The release, shared via a PGP-signed statement, marks a significant escalation in an already contentious disclosure dispute.
The researcher, operating under the handle Nightmare-Eclipse, published the PoC tool dubbed RedSun on GitHub.
RedSun Exploit Release
The release was accompanied by a signed statement referencing an earlier exploitation framework, which had previously attracted media coverage and prompted a formal response from Microsoft.
The public release arrives despite, or arguably because of, MSRC's acknowledgement of the case.
Microsoft issued a standard statement affirming its commitment to investigating reported security issues and to coordinated vulnerability disclosure, but the researcher dismissed the response as generic and performative.
Nightmare-Eclipse stated that MSRC was fully aware of both this disclosure and the planned release of the CVE-2026-33825 PoC, yet chose not to act. According to the researcher, a case was formally filed but dismissed by the MSRC team without meaningful engagement.
“This is a very generic response, almost as if they don’t care, and they don’t,” the researcher wrote in the signed statement. “MSRC was fully aware of this public disclosure, a case was filed but was dismissed by them and they are also aware that this one will be disclosed but again, they are ignorant.”
Coordinated Disclosure Process Breaks Down
The researcher alleges that MSRC went beyond negligence, claiming to have experienced deliberate personal and professional sabotage. While specific details were withheld, the statement suggests these grievances motivated the decision to abandon the coordinated disclosure process entirely.
The disclosure also draws attention to a broader pattern. Microsoft is one of the few major technology companies with a documented history of multiple vulnerability disclosures being triggered by researcher frustration rather than standard responsible disclosure timelines.
Most critically, the researcher warned that future disclosures would include remote code execution (RCE) vulnerabilities, stating that Microsoft’s behavior was actively encouraging more severe releases.
This threat significantly raises the security stakes for organizations relying on Microsoft Defender as their primary endpoint protection solution, according to Chaotic Eclipse.
Recommendations
Security teams should take the following steps immediately:
- Apply any available patch for CVE-2026-33825 as soon as Microsoft releases one
- Monitor Microsoft’s Security Update Guide for official advisories
- Enable behavioral detection rules in endpoint detection and response (EDR) platforms
- Audit Defender configurations (protection settings, exclusions) and review Defender telemetry for anomalous activity patterns
- Restrict the exposure of systems running vulnerable Defender versions until a patch is confirmed
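One practical way to act on the last three recommendations is to baseline Defender on each host now, so that vulnerable builds can be identified the moment Microsoft names a fixed version. The script below is an added example written for this page; it is not part of the article, Microsoft's guidance, or the RedSun tool. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus and Get-MpPreference, present on Windows 10/11 and Windows Server with Microsoft Defender Antivirus) and an elevated session. The minimum platform version is a placeholder parameter: the article does not state which Defender build is affected or fixed, so the value must come from Microsoft's advisory once published.

```powershell
# Added example (not from the article or the RedSun PoC): inventory Defender
# versions and protection settings on the local host so they can be compared
# against Microsoft's advisory for CVE-2026-33825 once it names a fixed build.
# Requires the Defender PowerShell module; run in an elevated session.

function Get-DefenderBaseline {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PlatformVersion    = [version]$status.AMProductVersion   # Defender platform build
        EngineVersion      = [version]$status.AMEngineVersion    # scan engine build
        SignatureVersion   = $status.AntivirusSignatureVersion
        SignatureAgeDays   = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated).Days
        RealTimeProtection = $status.RealTimeProtectionEnabled
        TamperProtected    = $status.IsTamperProtected
        ExclusionPathCount = @($pref.ExclusionPath).Count
        ExclusionProcCount = @($pref.ExclusionProcess).Count
        Collected          = Get-Date
    }
}

function Test-DefenderBaseline {
    param(
        [Parameter(Mandatory)] $Baseline,
        # Placeholder: the page does not give a fixed platform version.
        # Replace with the build named in Microsoft's Security Update Guide.
        [version]$MinimumPlatformVersion = '0.0.0.0'
    )

    $findings = @()
    if ($Baseline.PlatformVersion -lt $MinimumPlatformVersion) {
        $findings += "Platform $($Baseline.PlatformVersion) is below required $MinimumPlatformVersion"
    }
    if (-not $Baseline.RealTimeProtection) { $findings += 'Real-time protection is disabled' }
    if (-not $Baseline.TamperProtected)    { $findings += 'Tamper protection is disabled' }
    if ($Baseline.SignatureAgeDays -gt 3)  { $findings += "Signatures are $($Baseline.SignatureAgeDays) days old" }
    if (($Baseline.ExclusionPathCount + $Baseline.ExclusionProcCount) -gt 0) {
        $findings += "$($Baseline.ExclusionPathCount) path and $($Baseline.ExclusionProcCount) process exclusions configured; review them"
    }

    [pscustomobject]@{
        ComputerName = $Baseline.ComputerName
        Compliant    = ($findings.Count -eq 0)
        Findings     = $findings
    }
}

# Usage: collect the baseline, evaluate it, and keep a record for the fleet.
$baseline = Get-DefenderBaseline
$baseline | Format-List
Test-DefenderBaseline -Baseline $baseline | Format-List
$baseline | Export-Csv -Path "$env:TEMP\defender-baseline.csv" -NoTypeInformation -Append
```

Run it across the estate through your existing management channel (Intune scripts, SCCM, or Invoke-Command over WinRM) and aggregate the CSVs; when the advisory arrives, re-run Test-DefenderBaseline with the published build as -MinimumPlatformVersion to get the list of hosts that still need to be patched or isolated.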