
CISA KEV order for BlueHammer patching

Public Sector Action
H score 53
1 unique source, 1 article

Summary


CISA ordered Federal Civilian Executive Branch agencies to patch Windows systems against CVE-2026-33825 within two weeks after adding the flaw to the KEV Catalog. The bug affects Microsoft Defender and can let a low-privileged local attacker reach SYSTEM on unpatched devices. The directive lands while the flaw is already linked to zero-day attacks.

Related Happenings

Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)

Vulnerability
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)

Advisory/Mitigation
First: 20.05.2026 10:31 Last: 20.05.2026 10:31 Sources 1

About this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...

Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office

Target Trend
First: 19.05.2026 17:00 Last: 19.05.2026 17:00 Sources 1

About this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...

Windows cldflt.sys MiniPlasma privilege-escalation zero-day

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Timeline

  1. 23.04.2026 14:05 1 article · 1mo ago

    Microsoft patches BlueHammer in Patch Tuesday updates

    Mitigation Patch Update

    Microsoft patched CVE-2026-33825, dubbed BlueHammer, on April 14 as part of Patch Tuesday after a security researcher using the Chaotic Eclipse handle published proof-of-concept exploit code. The flaw in Microsoft Defender is an "insufficient granularity of access control" weakness that lets low-privileged local attackers gain SYSTEM permissions on unpatched Windows devices.

  2. 23.04.2026 14:05 1 article · 1mo ago

    Huntress observes active BlueHammer exploitation

    Exploitation Observed

    Huntress Labs said on April 16 that attackers had been exploiting these zero-days in attacks showing hands-on-keyboard threat actor activity. The compromised environment also showed suspicious FortiGate SSL VPN access, including a source IP geolocated to Russia and additional suspicious infrastructure in other regions.

  3. 23.04.2026 14:05 2 articles · 1mo ago

    CISA adds BlueHammer to KEV and orders federal patching

    Legal Policy Action Update

    CISA added BlueHammer, CVE-2026-33825, to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch agencies to patch affected Windows systems within two weeks, by May 7. CISA warned that the vulnerability is a frequent attack vector for malicious cyber actors and advised agencies to apply vendor mitigations or discontinue use of the product if mitigations are unavailable.
