Breaking: CISA Orders Federal Agencies to Patch Microsoft Defender Zero-Day (BlueHammer)

CISA issues emergency directive for federal agencies to patch Microsoft Defender zero-day flaw BlueHammer, actively exploited in the wild.

Breaking News — April 23, 2026

CISA has issued an emergency directive ordering all U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw dubbed BlueHammer that has been actively exploited in zero-day attacks.

Key Details

  • Vulnerability: Microsoft Defender privilege escalation
  • Nickname: BlueHammer
  • Status: Actively exploited as zero-day
  • Action: CISA emergency patch directive for federal agencies

Impact

The flaw allows attackers to escalate privileges on systems running Microsoft Defender, potentially giving them full control over compromised endpoints. Active exploitation means threat actors are already using this flaw in the wild.

Federal agencies are required to apply patches immediately under CISA's binding operational directive authority.

Source: BleepingComputer / CISA