RedSun is a Windows vulnerability that exploits a flaw in Windows Defender behavior. When the antivirus detects a file with cloud threat tags, it rewrites the file to its original location instead of removing it. An attacker can abuse this to overwrite system files and gain administrative privileges on Windows 11, 10, and Server.
RedSun: System user access on Win 11/10 and Server with the April 2026 Update
Windows Defender's file recovery mechanism can be abused to overwrite system binaries and escalate privileges on Windows 11, 10, and Server—a critical flaw in antivirus-aware threat handling.
Thursday, April 16, 2026 12:00 PM UTC | 2 min read | Source: Hacker News | By sys://pipeline
Tags: safety