Hacker News

RedSun: System user access on Win 11/10 and Server with the April 2026 Update

58 points by airhangerf15 today at 3:54 AM | 10 comments

Comments

egeozcan today at 6:27 AM

I wonder why Windows Defender has the privilege to alter the system files. Read them for analysis? Sure! Reset (as in, call some Windows API to have it replaced with the original), why not? But being able to write sounds like a bad idea.

However, I don't know what I'm talking about so take it with a grain of salt!

labelbabyjunior today at 6:30 AM

A local privilege escalation to root via an exploitable service?

Doesn't Linux have one of these CVEs...each week?

ranger_danger today at 5:26 AM

> normally I would just drop the PoC code and let people figure it out

Looks like that's exactly what they did though?

Or maybe they just meant that they don't usually explain how it works?
