CISA KEV order for BlueHammer patching
Public Sector Action
Summary
Hide ▲
Show ▼
CISA ordered Federal Civilian Executive Branch agencies to patch Windows systems against CVE-2026-33825 within two weeks after adding BlueHammer to the Known Exploited Vulnerabilities (KEV) Catalog. The flaw affects Microsoft Defender and can let a low-privileged local attacker escalate to SYSTEM on unpatched devices. The directive landed while the issue was already tied to zero-day attacks and later flagged as exploited in ransomware campaigns.
Related Happenings
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation Wave
H score41
First: 30.06.2026 11:53
Last: 30.06.2026 11:53
Sources 1
How related:
CISA has now also flagged it as exploited in ransomware campaigns in a Monday update to its KEV Catalog.
About this happening:
CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation WaveHow related: CISA has now also flagged it as exploited in ransomware campaigns in a Monday update to its KEV Catalog.
About this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch Release
H score32
First: 17.06.2026 20:36
Last: 17.06.2026 20:36
Sources 1
About this happening:
**Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch ReleaseAbout this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Latest development: 09.07.2026 11:48
Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.
Microsoft Malware Protection Engine race-condition elevation-of-privilege remote code execution flaw (CVE-2026-50656)
Vulnerability
H score32
First: 17.06.2026 11:32
Last: 17.06.2026 11:32
Sources 1
About this happening:
**Microsoft** has released a security update for **CVE-2026-50656** after public disclosure of **RoguePlanet**, a **privilege-escalation** flaw in the **Microsoft Malware Protecti...
Microsoft Malware Protection Engine race-condition elevation-of-privilege remote code execution flaw (CVE-2026-50656)
VulnerabilityAbout this happening: **Microsoft** has released a security update for **CVE-2026-50656** after public disclosure of **RoguePlanet**, a **privilege-escalation** flaw in the **Microsoft Malware Protecti...
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
Vulnerability
H score39
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources 1
About this happening:
Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
VulnerabilityAbout this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Latest development: 10.06.2026 08:22
The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector Action
H score38
First: 26.05.2026 13:30
Last: 26.05.2026 13:30
Sources 1
About this happening:
**CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
CERT-In issues 12-hour patch guidance for Indian organizations
Public Sector ActionAbout this happening: **CERT-In** published new guidance on **May 25** urging Indian organizations to patch **actively exploited internet-facing vulnerabilities** within **12 hours**, tightening respon...
Timeline
-
23.04.2026 14:05 1 articles · 2mo ago
Microsoft patches BlueHammer in Patch Tuesday updates
Mitigation Patch UpdateMicrosoft patched CVE-2026-33825, dubbed BlueHammer, on April 14 as part of Patch Tuesday after a security researcher using the Chaotic Eclipse handle published proof-of-concept exploit code. The flaw in Microsoft Defender lets low-privileged local attackers gain SYSTEM permissions on unpatched Windows devices through an insufficient granularity of access control weakness.
Show sources
- CISA orders feds to patch BlueHammer flaw exploited as zero-day — www.bleepingcomputer.com — 23.04.2026 14:05
-
23.04.2026 14:05 1 articles · 2mo ago
Huntress observes active BlueHammer exploitation
Exploitation ObservedHuntress Labs said on April 16 that attackers had been exploiting these zero-days in attacks showing hands-on-keyboard threat actor activity. The compromised environment also showed suspicious FortiGate SSL VPN access, including a source IP geolocated to Russia and additional suspicious infrastructure in other regions.
Show sources
- CISA orders feds to patch BlueHammer flaw exploited as zero-day — www.bleepingcomputer.com — 23.04.2026 14:05
-
23.04.2026 14:05 3 articles · 2mo ago
CISA adds BlueHammer to KEV and orders federal patching
Legal Policy Action UpdateCISA added BlueHammer, CVE-2026-33825, to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch agencies to patch affected Windows systems within two weeks, until May 7. CISA warned that the vulnerability is a frequent attack vector for malicious cyber actors and advised agencies to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
Show sources
- CISA orders feds to patch BlueHammer flaw exploited as zero-day — www.bleepingcomputer.com — 23.04.2026 14:05
- CISA orders feds to patch BlueHammer flaw exploited as zero-day — www.bleepingcomputer.com — 23.04.2026 14:05
- CISA: Windows BlueHammer flaw now exploited by ransomware gangs — www.bleepingcomputer.com — 30.06.2026 11:53