windowscentral[.]com/microsoft/microsoft-security-response-center-bluehammer-exploit
bleepingcomputer[.]com/news/microsoft/new-microsoft-defender-redsun-zero-day-poc-grants-system-privileges/
I spend a total of $25 a year on McAfee & Bitdefender software -- McAfee is lighter weight than Bitdefender for low powered devices. Originally I figured that since Defender is the Windows default, it was as much a target as Windows itself. Now it looks like *maybe* Defender itself has fallen behind because of cut backs at Microsoft. It makes sense... Microsoft is about corporate clients, Not us poor consumers, and it sells those corporate clients network-based AI security solutions, never pretending that Defender alone would/could protect them.
Will Dormann [principal vulnerability analyst at Tharros] posts that Microsoft's Security Response Center [MSRC] "... fired the skilled people, leaving flowchart followers." This comes to light as a security researcher, calling themselves Chaotic Eclipse, tried and failed to engage with MSRC about a just discovered vulnerability in Defender that led to complete system takeover. Allegedly the folks at MSRC retaliated, so Chaotic Eclipse released the exploit's code along with a sample app proving it works. Microsoft sorta fixed it with April's patch -- the exploit still works, but the file it targeted is now unavailable. And now Chaotic Eclipse has released another Defender-based exploit that's been proven to work.