EDR-Freeze user-mode race condition against Windows Error Reporting and MiniDumpWriteDump

Technical Analysis
H score 31
1 unique sources, 1 articles

Summary

Researchers demonstrated EDR-Freeze, a user-mode race condition that can freeze EDR and antivirus processes on Windows 11 24H2, weakening endpoint defenses without a vulnerable driver. The technique abuses Windows Error Reporting (WER), WerFaultSecure, and MiniDumpWriteDump to leave security tools in a suspended state.

Related Happenings

Windows cldflt.sys MiniPlasma privilege-escalation zero-day

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Linux kernel Dirty Frag and Copy Fail 2 privilege escalation (multiple vulnerabilities)

Vulnerability
First: 11.05.2026 11:15 Last: 11.05.2026 11:15 Sources 1

About this happening: A newly disclosed **Linux kernel** local privilege-escalation flaw, **Dirty Frag and Copy Fail 2**, can let an unprivileged user reach **root** on affected systems. The bug chains...

Windows Task Host link-following privilege escalation (CVE-2025-60710)

Vulnerability
First: 15.04.2026 17:51 Last: 15.04.2026 17:51 Sources 1

About this happening: CISA added **CVE-2025-60710** to its actively exploited catalog after finding a **Windows Task Host** link-following flaw that can let **local attackers** escalate to **SYSTEM** o...

GPUBreach GPU Rowhammer research enables GDDR6 page-table corruption and privilege escalation

Technical Analysis
First: 07.04.2026 00:44 Last: 07.04.2026 00:44 Sources 1

About this happening: **GPUBreach** research shows **Rowhammer** bit flips in **GDDR6** can corrupt **GPU page tables**, creating a path to **arbitrary GPU memory read/write** and potential **full syst...

EDR killer BYOVD analysis finds 54 tools abusing 34 vulnerable drivers

Technical Analysis
First: 19.03.2026 20:52 Last: 19.03.2026 20:52 Sources 1

About this happening: **54 EDR killers** were found abusing **BYOVD** through **34 vulnerable drivers**, showing how ransomware operators can **disable endpoint defenses** before encryption. The findin...

Timeline

  1. 22.09.2025 20:07 2 articles · 8mo ago

    TwoSevenOneThree demonstrates EDR-Freeze against Windows security tools

    Initial Disclosure

    Security researcher TwoSevenOneThree (Zero Salarium) demonstrated EDR-Freeze, a user-mode technique that uses Windows Error Reporting (WER), WerFaultSecure, and MiniDumpWriteDump to suspend EDR and antivirus processes without a vulnerable driver. The proof-of-concept was tested on Windows 11 24H2 and successfully froze the Windows Defender process by racing WerFaultSecure so the target remained in a suspended, hibernation-like state. The technique is described as a design weakness in legitimate Windows components, and defensive guidance includes monitoring WER activity that points to sensitive processes such as LSASS or security tools, restricting suspicious dump invocations, and limiting parameters or PID targets.
