RedSun zero-day vulnerability in Windows explained
Learn about the RedSun zero-day vulnerability affecting Windows 10, 11, and Server 2019, involving the Cloud Files API and potential system control.
© E. Vartanyan
A security researcher using the alias Chaotic Eclipse has disclosed a new zero-day vulnerability in Windows, dubbed RedSun. The decision to go public stems from dissatisfaction with the Microsoft Security Response Center (MSRC), which the researcher claims responds too slowly to private reports of such issues.
This researcher previously exposed another vulnerability called BlueHammer. After public disclosure, experts confirmed it, and Microsoft later patched it in a regular security update under identifier CVE-2026-33825. According to the researcher, this experience demonstrated that public disclosure speeds up the company's response.
The new RedSun vulnerability affects Windows 10, Windows 11, and Windows Server 2019. It involves the Cloud Files API and exploits a race condition during file processing: an attacker who can replace a file while the system is still handling it causes the attacker's content to be processed in place of the original, which is how the malicious code is injected.
What makes this particularly dangerous is that the substituted file is treated as a system component, and those components run with SYSTEM privileges. The attacker's code therefore runs as SYSTEM, which amounts to a privilege escalation from whoever can replace the file to full control of the machine, with any action carried out on behalf of the OS.
At the time of RedSun's disclosure, Microsoft had not yet released an official fix. Experts warn that the vulnerability could pose a serious threat and advise users to monitor security updates closely and apply the patch as soon as one is published.