
We Named The Microsoft Defender Five-CVE Cluster May 20. The News Caught Up Eight Days Later. BlueHammer, RedSun, UnDefend, And Two New Codenames Joined Active Exploitation.

  • Writer: Patrick Duggan
  • 1 day ago
  • 4 min read

On May 20, 2026, we indexed an IOC in our threat-intelligence corpus named defender-attack-surface-campaign-2026-05-20. The body of that IOC names BlueHammer, RedSun, UnDefend, CVE-2026-41091, and CVE-2026-45498 — a five-CVE family of Microsoft Defender vulnerabilities, three of which CISA promoted to the Known Exploited Vulnerabilities catalog that same day. Eight days later, today, the broader news cycle caught up. BleepingComputer, Malwarebytes, Dark Reading, and SecurityWeek are publishing stories naming the same cluster plus two new codenames — YellowKey and a pair tracked as GreenPlasma and MiniPlasma — as actively exploited in the wild.


This is the receipt arc we have been writing about endpoint security all year. The defender mental model in 2026 is that endpoint-security agents are the perimeter that backstops everything else. The receipt arc says the opposite. The endpoint-security agent is the attack surface. It runs as SYSTEM. It is preinstalled, on-by-default, and kernel-adjacent. A vulnerability in Defender is a vulnerability in the OS trust boundary, not a vulnerability in an application.


Five CVEs in thirty days is not a coincidence. The Chaotic Eclipse researcher dropped sibling primitives RedSun and UnDefend in April, mapping the cloud-tagged file-path-overwrite primitive and the runtime-check-neutralization primitive against the Defender architecture. The April disclosures lit the family. The May 20 KEV additions confirmed which members of the family had been weaponized. The May 28 news cycle added YellowKey and the two Plasma codenames to the active-exploitation column, which means the cluster is widening, not narrowing.


BlueHammer is CVE-2026-33825 — a time-of-check-time-of-use flaw in the Defender signature update path that lets a local attacker race a file replacement against MsMpEng's verification step and gain SYSTEM. The patch shipped April 14. The exploitation evidence shipped May 20. The patching lag for environments that do not auto-update Defender platform binaries is the window. The window is the whole game.


RedSun is CVE-2026-41091 — link-following EoP. The primitive is straightforward, the exploit chain is short, the SYSTEM gain is reliable. Microsoft's published mitigation is the May cumulative platform update KB. The standalone installer covers air-gapped fleets that do not auto-update.


UnDefend is CVE-2026-45498 — categorically a denial-of-service rather than EoP, but the operational effect against an active-incident-response posture is significant. An attacker who can flip Defender to a non-running state during a kill-chain stage removes the runtime-behavior signal that the IR team is relying on. UnDefend is best understood as the runtime-check-neutralization primitive that the rest of the cluster uses to land its EoP payloads cleanly.


YellowKey, GreenPlasma, and MiniPlasma are the news-cycle codenames added today. The MSRC entries are still settling; the codenames will probably get formal CVE assignments in the next Patch Tuesday window. We are indexing the new codenames in our IOC corpus now and will update the campaign IOC accordingly.


The defender posture this implies is not simply "patch faster," although faster patching is required. It is two-layered:


The first layer is to treat Microsoft Defender as a privileged application that requires the same auto-update, version-pinning, and behavior-monitoring discipline you would apply to any production-critical service running as SYSTEM. The Windows ecosystem inherited a mental model from the antivirus era in which the antivirus product was the defender. Defender is no longer a defender in that conceptual sense. Defender is a privileged process whose vulnerability profile is comparable to a database engine or a hypervisor. Treat it accordingly.


The second layer is recognizing that single-vendor concentration is the structural fragility. A Windows fleet running Defender exclusively has the entire SYSTEM-token trust budget riding on one vendor's vulnerability profile. The Crystal Eclipse-class researchers will continue dropping primitives. Microsoft will continue patching. The patch window will continue narrowing. The fleet that runs Defender plus a second EDR — with the second EDR configured to observe and alert on Defender's process behavior — has a backup signal that single-vendor fleets do not. The operational cost is significant. The single-vendor blast radius is also significant. Most enterprises will not make this trade and will continue absorbing each Defender CVE individually. A small subset of high-value targets will, and they will be the ones that survive the next cluster.


We named this frame on May 20 — soft surfaces bleed, perimeter holds. The Defender CVE family is the load-bearing example of the frame at the endpoint-security layer. The Mini-Shai-Hulud TanStack and @antv work is the same frame at the supply-chain layer. The Trellix breach is the same frame at the security-vendor layer. Pattern 53 edge-appliance-RCE is the same frame at the network-gear layer. Four different layers of the same defender mental model, four different examples of the same blind spot, four different vendor-attack-surface bleeds in May 2026 alone.


If you take one action from this post tonight, audit your Defender update cadence and confirm that the May cumulative platform update KB is deployed across the fleet. If you take two actions, additionally enable behavior monitoring on the MsMpEng.exe process tree and alert on file writes into the Defender Platform directory from any process other than MsMpEng itself. If you take three actions, additionally pilot a second EDR on a subset of high-value endpoints and configure it to observe Defender's runtime state as a behavioral signal in its own right.
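The three actions above, and the UnDefend point earlier that a Defender outage removes the runtime signal an IR team depends on, reduce to three fleet checks. The block below is an added illustration written for this post, not tooling from the post's author or from Microsoft. It assumes you have exported each host's `AMProductVersion` (the platform version field returned by `Get-MpComputerStatus`) into a host-to-version map, and that file-create and service-state events arrive as Sysmon Event ID 11, Service Control Manager Event ID 7036, and Microsoft-Windows-Windows Defender/Operational Event ID 5001 records. The minimum platform version is a placeholder, since the post does not give the May KB's version number; the sample inventory and events are constructed. Expect the platform update installer itself to write into the Platform directory, so tune `TRUSTED_WRITERS` against a baseline before alerting on it.

```python
"""Fleet checks for the three Defender-hardening actions in the post.

Added example, not the post's own tooling. Inputs are constructed:
an inventory of AMProductVersion strings (as exported from
Get-MpComputerStatus) and event records reduced to plain dicts.
"""

# ASSUMPTION / PLACEHOLDER: the platform version installed by the May
# cumulative platform update. Take the real value from the KB article.
MIN_PLATFORM_VERSION = "4.18.26050.1"

# Defender platform binaries live under this directory (one subfolder per version).
PLATFORM_DIR = "c:\\programdata\\microsoft\\windows defender\\platform\\"
# Allowlist of image basenames permitted to write there; the post's rule is
# "anything other than MsMpEng itself". Tune after a baseline run.
TRUSTED_WRITERS = ("msmpeng.exe",)

SYSMON_FILE_CREATE = 11      # Sysmon: file created, fields Image / TargetFilename
SCM_SERVICE_STATE = 7036     # SCM: "<service> entered the <state> state"
DEFENDER_RTP_DISABLED = 5001 # Windows Defender/Operational: real-time protection disabled


def parse_version(version: str) -> tuple:
    """'4.18.26050.1' -> (4, 18, 26050, 1); raises ValueError on junk."""
    return tuple(int(part) for part in version.split("."))


def hosts_below_minimum(inventory: dict, minimum: str = MIN_PLATFORM_VERSION) -> list:
    """Action 1: hosts whose Defender platform is older than the pinned minimum.

    A host whose version cannot be parsed is reported as well: unknown is a
    finding, not a pass.
    """
    floor = parse_version(minimum)
    stale = []
    for host, version in inventory.items():
        try:
            if parse_version(version) < floor:
                stale.append(host)
        except ValueError:
            stale.append(host)
    return sorted(stale)


def platform_dir_writes(events: list) -> list:
    """Action 2: Sysmon FileCreate events into the Platform directory from a
    process that is not an allow-listed writer."""
    hits = []
    for ev in events:
        if ev.get("EventID") != SYSMON_FILE_CREATE:
            continue
        target = ev.get("TargetFilename", "")
        image = ev.get("Image", "")
        if not target.lower().startswith(PLATFORM_DIR):
            continue
        writer = image.lower().rsplit("\\", 1)[-1]
        if writer not in TRUSTED_WRITERS:
            hits.append((ev.get("Computer", "?"), image, target))
    return hits


def defender_went_dark(events: list) -> list:
    """Action 3 / UnDefend: events meaning the runtime signal is gone, i.e. the
    Defender antivirus service stopped or real-time protection was disabled."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        provider = ev.get("Provider", "")
        host = ev.get("Computer", "?")
        if eid == DEFENDER_RTP_DISABLED and provider == "Microsoft-Windows-Windows Defender":
            hits.append((host, "real-time protection disabled"))
        elif eid == SCM_SERVICE_STATE and provider == "Service Control Manager":
            # param1 is the service display name, param2 the new state.
            if "defender antivirus service" in ev.get("param1", "").lower() \
                    and ev.get("param2", "").lower() == "stopped":
                hits.append((host, "antivirus service stopped"))
    return hits


# Constructed sample data: one current host, one stale host, one with a
# garbage version string, and a handful of events covering each rule.
SAMPLE_INVENTORY = {"ws-01": "4.18.26050.1", "ws-02": "4.18.26040.7", "ws-03": "n/a"}
_PLAT = "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.26050.1\\"
SAMPLE_EVENTS = [
    {"EventID": 11, "Provider": "Microsoft-Windows-Sysmon", "Computer": "ws-01",
     "Image": _PLAT + "MsMpEng.exe", "TargetFilename": _PLAT + "mpclient.dll"},
    {"EventID": 11, "Provider": "Microsoft-Windows-Sysmon", "Computer": "ws-02",
     "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe",
     "TargetFilename": _PLAT + "MpCmdRun.exe"},
    {"EventID": 11, "Provider": "Microsoft-Windows-Sysmon", "Computer": "ws-02",
     "Image": "C:\\Windows\\System32\\notepad.exe",
     "TargetFilename": "C:\\Users\\alice\\notes.txt"},
    {"EventID": 7036, "Provider": "Service Control Manager", "Computer": "ws-03",
     "param1": "Microsoft Defender Antivirus Service", "param2": "stopped"},
    {"EventID": 7036, "Provider": "Service Control Manager", "Computer": "ws-03",
     "param1": "Print Spooler", "param2": "stopped"},
    {"EventID": 5001, "Provider": "Microsoft-Windows-Windows Defender", "Computer": "ws-02"},
]

if __name__ == "__main__":
    print("stale platform:", hosts_below_minimum(SAMPLE_INVENTORY))
    print("untrusted Platform writes:", platform_dir_writes(SAMPLE_EVENTS))
    print("runtime signal lost:", defender_went_dark(SAMPLE_EVENTS))
```

Run against the constructed data it flags ws-02 and ws-03 as below the pinned version, the one Platform-directory write that did not come from MsMpEng.exe, and the two events (service stop on ws-03, real-time protection off on ws-02) that mean the runtime signal is gone. The version check deliberately treats an unparsable value as a finding, because a host that cannot report its platform version is exactly the host sitting in the patching-lag window the post describes.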


Three actions tonight beat the next CVE in the cluster getting added to KEV next month and finding you unprepared.





