BlueHammer: Windows local privilege-escalation flaw with public exploit code
Vulnerability
Summary
BlueHammer (CVE-2026-33825) is a Windows local privilege escalation flaw for which public exploit code is available, creating immediate risk of SYSTEM or elevated-administrator takeover on affected systems. The weakness combines a TOCTOU race with path confusion. Local abuse can reach the Security Account Manager (SAM) database, exposing local-account password hashes and potentially leading to complete machine compromise. It was disclosed as a zero-day with no official Microsoft patch available at the time; CISA has since added it to the Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to patch Windows and Microsoft Defender systems by May 7, 2026, citing in-the-wild exploitation. Testers reported that the public exploit did not work reliably on Windows Server.
Cases
Related Happenings
Windows cldflt.sys privilege escalation (CVE-2020-17103)
Vulnerability
First: 18.05.2026 01:30
Last: 18.05.2026 01:30
Sources 1
About this happening:
A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...
Azure Backup for AKS privilege escalation flaw
Vulnerability
First: 16.05.2026 23:55
Last: 16.05.2026 23:55
Sources 1
About this happening:
A **critical Azure Backup for AKS** privilege-escalation flaw was independently validated, exposing Kubernetes clusters to **cluster-admin** takeover from the low-privileged **Bac...
Windows 11 BitLocker bypass YellowKey security flaw
Vulnerability
First: 14.05.2026 10:27
Last: 14.05.2026 10:27
Sources 1
About this happening:
**YellowKey** is a **Windows BitLocker security feature bypass** tracked as **CVE-2026-45585** that can expose **BitLocker-protected drives** through the **Windows Recovery Enviro...
Latest development: 20.05.2026 10:31
Microsoft assigned CVE-2026-45585 to YellowKey, a Windows BitLocker security feature bypass, and recommended removing autofstx.exe from the Session Manager BootExecute REG_MULTI_SZ value, reestablishing BitLocker trust for WinRE, and moving already encrypted devices from TPM-only to TPM+PIN to require a pre-boot PIN.
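As an added example (not code from this page, from Microsoft, or from the YellowKey research), the PowerShell below applies the two concrete steps named above on one host: it strips the autofstx.exe entry from the Session Manager BootExecute REG_MULTI_SZ value, and it converts the OS volume from a TPM-only protector to TPM+PIN so a pre-boot PIN is required. Assumptions: the OS volume is C:, the stock `autocheck autochk *` entry is the one to keep, a recovery password protector already exists and is escrowed, and the BitLocker policy values under HKLM\SOFTWARE\Policies\Microsoft\FVE (UseAdvancedStartup, UseTPMPIN) permit a PIN. The "reestablish BitLocker trust for WinRE" step is not automated here because the page does not name the procedure; the script only reports WinRE status with `reagentc /info`.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the page or Microsoft. Assumptions: OS volume is C:,
# 'autofstx.exe' is the entry to remove (named on the page), a recovery password
# protector is already escrowed, and policy allows a TPM+PIN protector.

$ErrorActionPreference = 'Stop'
$osDrive = 'C:'
$smKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$fveKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# --- Step 1: remove autofstx.exe from BootExecute (REG_MULTI_SZ) ---
$bootExec = @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)
$cleaned  = @($bootExec | Where-Object { $_ -notmatch '(?i)autofstx\.exe' })
if ($cleaned.Count -ne $bootExec.Count) {
    # Never leave the value empty: 'autocheck autochk *' is the stock entry (assumed default).
    if ($cleaned.Count -eq 0) { $cleaned = @('autocheck autochk *') }
    Set-ItemProperty -Path $smKey -Name BootExecute -Value $cleaned -Type MultiString
    Write-Host "BootExecute: removed autofstx.exe; now: $($cleaned -join ' | ')"
} else {
    Write-Host "BootExecute: no autofstx.exe entry present ($($bootExec -join ' | '))"
}

# --- Step 2: report WinRE state. Re-establishing BitLocker trust for WinRE
#     follows the advisory's own procedure and is not automated here. ---
reagentc /info

# --- Step 3: TPM-only -> TPM+PIN on the OS volume ---
$vol = Get-BitLockerVolume -MountPoint $osDrive
if ($vol.ProtectionStatus -ne 'On') {
    throw "BitLocker protection is not On for $osDrive; enable it before changing protectors."
}
# Refuse to touch the TPM protector unless a recovery password exists to fall back on.
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    throw "No RecoveryPassword protector on $osDrive; add and back one up first."
}
$tpmOnly = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm'
if (-not $tpmOnly) {
    Write-Host "No TPM-only protector on $osDrive; nothing to convert."
} else {
    # Policy check (assumed value names): UseAdvancedStartup=1 and UseTPMPIN in {1,2} permit a PIN.
    $pol = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
    if (-not $pol -or $pol.UseAdvancedStartup -ne 1 -or $pol.UseTPMPIN -notin 1, 2) {
        Write-Warning "BitLocker policy may not permit a PIN; Add-BitLockerKeyProtector can fail."
    }
    $pin = Read-Host -Prompt 'New pre-boot PIN' -AsSecureString
    Add-BitLockerKeyProtector -MountPoint $osDrive -TpmAndPinProtector -Pin $pin | Out-Null
    # A volume keeps one TPM-based protector; clear any leftover TPM-only entry.
    $after = Get-BitLockerVolume -MountPoint $osDrive
    foreach ($p in ($after.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')) {
        Remove-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    Write-Host "$osDrive now requires TPM+PIN at pre-boot; reboot to confirm the PIN prompt."
}
```

Run it once per device from an elevated PowerShell session and reboot afterwards; the BootExecute change takes effect at the next boot, and the PIN prompt should appear before Windows loads. Keep the recovery password at hand for the first reboot in case the TPM measurement changes.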
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Windows RPC PhantomRPC local privilege escalation flaw
Vulnerability
First: 28.04.2026 14:31
Last: 28.04.2026 14:31
Sources 1
About this happening:
**PhantomRPC** in **Windows RPC** can let a local attacker elevate to **System** across **all Windows versions**, creating a high-impact privilege-escalation path. The flaw abuses...
Timeline
- 23.04.2026 14:05 · 1 article
CISA orders U.S. agencies to patch BlueHammer
Legal Policy Action Update: CISA added CVE-2026-33825, known as BlueHammer, to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to patch Windows and Microsoft Defender systems within two weeks, with remediation due by May 7, after evidence that attackers were exploiting the flaw in zero-day attacks.
Sources:
- CISA orders feds to patch BlueHammer flaw exploited as zero-day — www.bleepingcomputer.com — 23.04.2026 14:05
- 06.04.2026 22:19 · 1 article
Chaotic Eclipse publishes BlueHammer exploit code
Initial Disclosure: A researcher using the alias Chaotic Eclipse published BlueHammer exploit code in a GitHub repository under the name Nightmare-Eclipse, making public an unpatched Windows privilege escalation flaw with no official Microsoft patch available at the time.
Sources:
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit — www.bleepingcomputer.com — 06.04.2026 22:19
- 06.04.2026 22:19 · 1 article
Analyst confirms BlueHammer privilege escalation impact
Technical Analysis Update: Security analyst Will Dormann confirmed that BlueHammer is a local privilege escalation in Windows that combines TOCTOU and path confusion, can expose the Security Account Manager (SAM) database with local-account password hashes, and may let a local attacker escalate to SYSTEM or elevated administrator privileges; testers also said it did not work reliably on Windows Server.
Sources:
- Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit — www.bleepingcomputer.com — 06.04.2026 22:19