WTF?! Microsoft Defender Antivirus is designed to serve as the first line of defense for countless Windows systems, protecting PCs from malware and other threats. However, according to a recent vulnerability disclosure, Windows' native antivirus tool may not be as effective at doing its job as intended – and Microsoft appears largely unconcerned.
A security researcher known as Chaotic Eclipse recently disclosed a vulnerability dubbed "Red Sun" affecting Microsoft Defender Antivirus. While criticizing Microsoft's handling of the issue, Chaotic Eclipse explained that his proof-of-concept code could be used to bypass Defender's protections. The researcher also claimed that malicious actors have already begun attempting to exploit the issue.
The Red Sun flaw reportedly stems from unusual behavior in Defender when handling potentially malicious files marked with a "cloud" tag. According to the researcher, the antivirus may, under certain conditions, restore or rewrite such files to their original location on the volume. The PoC demonstrates how this behavior could be abused to overwrite system files and potentially escalate privileges.
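The article describes two observable effects: Defender putting a quarantined file back on disk, and a system file ending up overwritten. The following PowerShell script is an added example written for this page, not code from the article or from Chaotic Eclipse's proof of concept, and it is a defensive check rather than an exploit. It queries Defender's documented "restored item from quarantine" operational-log events (IDs 1009 and 1010) and then lists recently modified binaries under System32 whose Authenticode or catalog signature no longer verifies. The article does not say whether the Red Sun restore path produces a normal quarantine-restore event, so the event query is a baseline, not a detection signature; the `$Days` window and the `System32` scope are assumptions chosen for illustration.

```powershell
# Added example, not code from the article or from the Red Sun PoC.
# Audits a Windows host for the two effects the article attributes to Red Sun:
#   1. Defender restoring a quarantined item (documented operational-log events
#      1009 "restored item from quarantine" and 1010 "failed to restore").
#   2. A binary under System32 modified recently that no longer carries a valid
#      Authenticode (or catalog) signature.
# Assumption: whether the Red Sun restore path logs like an ordinary quarantine
# restore is not stated in the article, so treat section 1 as a baseline only.
# Run from an elevated PowerShell prompt.

param(
    [int]$Days = 7,                                  # look-back window (assumed)
    [string]$SystemDir = "$env:SystemRoot\System32"  # scope of the file check (assumed)
)

$since = (Get-Date).AddDays(-$Days)

Write-Host "== Defender quarantine restore events since $since =="
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1009, 1010
    StartTime = $since
}
# Get-WinEvent throws when nothing matches, so suppress that and test the count.
$restores = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
if ($restores.Count -eq 0) {
    Write-Host 'No restore events found.'
} else {
    $restores | ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            # First line of the message names the action; the rest is detail.
            Message = ($_.Message -split "`r?`n")[0]
        }
    } | Format-Table -AutoSize
}

Write-Host "`n== System32 binaries modified since $since without a valid signature =="
# Windows Update legitimately rewrites files here, so modification time alone is
# noise; only files whose signature no longer verifies are reported.
$suspect = Get-ChildItem -Path $SystemDir -Recurse -File -Include *.exe, *.dll, *.sys `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $since } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            $signer = '(none)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                Signature = $sig.Status
                Signer    = $signer
            }
        }
    }

if (-not $suspect) {
    Write-Host 'Nothing to report.'
} else {
    $suspect | Format-Table -AutoSize
}
```

On current Windows builds Get-AuthenticodeSignature also checks catalog signatures, which is how most System32 files are signed, so a `NotSigned` or `HashMismatch` result on a file in that directory is worth examining. A hit in either section does not by itself confirm Red Sun; it is the starting point for pulling the file and the surrounding Defender and process-creation events.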
"I think anti-malware products are supposed to remove malicious files not be sure they are there but that's just me," remarked Chaotic Eclipse.
Earlier this month, the researcher also disclosed another zero-day exploit, named BlueHammer. He stated that the Microsoft Security Response Center was unwilling to classify the flaw as a significant security issue, which led him to publicly release the proof-of-concept code.
In a more recent post about Red Sun, Chaotic Eclipse claimed that his relationship with the MSRC team has further deteriorated. He alleged that Microsoft developers are now actively targeting him and engaging in what he described as "childish" behavior intended to undermine him.
"It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision," he said.
Chaotic Eclipse has accused Microsoft security staff of undermining parts of the security research community, rather than supporting independent researchers attempting to report vulnerabilities. He also referenced earlier disclosures in which other researchers reportedly expressed frustration with MSRC's handling of certain reports.
Regardless, the Red Sun exploit is considered a legitimate security issue that the community is actively discussing. Researchers have also reported possible in-the-wild attempts to exploit BlueHammer, Red Sun, and a third vulnerability named UnDefend.
Chaotic Eclipse discovered Red Sun while analyzing the CVE-2026-33825 patch Microsoft released in this month's Patch Tuesday update. Microsoft is expected to issue further patches to address related issues as they are identified, even as debate continues within the security community about MSRC's handling of disclosures.
Some researchers argue that users should rely on third-party antivirus solutions rather than Microsoft Defender, though opinions vary widely on this topic. Chaotic Eclipse also mentioned a preference for Bitdefender Antivirus Free, describing it as a lightweight, Europe-based security product built on a widely used anti-malware engine.
