The MSP Minute ⏱ Friday 24 April 2026
For Managed Service Providers ready for 2 days off. Today... Microsoft's own antivirus is being used to attack Windows... new data on backups... and it's a wrap in Vegas
🔴 Hackers are using Microsoft Defender to take over Windows machines… and two exploits still have no patch
This one is genuinely nasty.
Three zero-day vulnerabilities in Microsoft Defender were publicly disclosed and exploited in April, nicknamed BlueHammer, RedSun, and UnDefend. Security firm Huntress confirmed all three have been used in real attacks, with BlueHammer active since at least April 10. The attacker entry point in the observed case was a compromised VPN account, after which the attackers used these exploits to escalate to full system-level control of the machine. (Source: SecurityWeek)
BlueHammer was patched in Microsoft’s April 14 Patch Tuesday update and is now tracked as CVE-2026-33825. CISA added it to its Known Exploited Vulnerabilities catalog on April 22, ordering federal agencies to patch by May 6. (Source: BleepingComputer)
The problem: RedSun and UnDefend remain unpatched. RedSun can still escalate to system level on fully updated Windows 10, 11, and Server machines where Defender is enabled (which is virtually every machine by default). UnDefend silently blocks Defender from receiving definition updates, effectively blinding the antivirus over time.
Make sure April patches are applied across all client estates for BlueHammer. For RedSun and UnDefend, watch for out-of-band patches from Microsoft. And keep an eye on behavioural alerts… particularly anything touching Defender’s update process.
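One way to watch for definitions that have quietly stopped updating is a small health check you can push through your RMM. This is an added example, not code from Microsoft or from any of the sources above; the 3-day age limit and 7-day lookback are assumed thresholds, and a stale result means "investigate this machine", not proof of UnDefend.

```powershell
# Added example: flag an endpoint whose Defender definitions look stale.
# Assumed thresholds: tune both to your own update cadence.
param(
    [int]$MaxAgeDays   = 3,   # definitions older than this are reported
    [int]$LookbackDays = 7    # window for update-failure events
)

try {
    $s = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Output "DEFENDER_STATUS_UNAVAILABLE: $($_.Exception.Message)"
    exit 2
}

$findings = @()
if (-not $s.AMServiceEnabled)          { $findings += 'Antimalware service is not enabled' }
if (-not $s.AntivirusEnabled)          { $findings += 'Antivirus is not enabled' }
if (-not $s.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }

# Work out definition age from the timestamp; a missing timestamp is itself a finding.
$ageDays = $null
if ($s.AntivirusSignatureLastUpdated) {
    $ageDays = [math]::Floor(((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays)
    if ($ageDays -gt $MaxAgeDays) {
        $findings += "Definitions are $ageDays days old (limit $MaxAgeDays)"
    }
} else {
    $findings += 'No definition update timestamp recorded'
}

# Event ID 2001 in the Defender operational log records a failed definition update.
# It is a general failure signal, not something specific to any one exploit.
$failures = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 2001
    StartTime = (Get-Date).AddDays(-$LookbackDays)
} -ErrorAction SilentlyContinue)
if ($failures.Count -gt 0) {
    $findings += "$($failures.Count) failed definition updates in the last $LookbackDays days"
}

[pscustomobject]@{
    Host             = $env:COMPUTERNAME
    SignatureVersion = $s.AntivirusSignatureVersion
    AgeDays          = $ageDays
    Findings         = ($findings -join '; ')
}
if ($findings.Count -gt 0) { exit 1 } else { exit 0 }
```

Exit code 0 means healthy, 1 means at least one finding, and 2 means Defender status could not be read, so most RMM tools can alert on a non-zero result.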
🟡 90% of your clients think they could recover from a ransomware attack (the data says otherwise)
Veeam published their Data Trust and Resilience Report this month. And the headline number is one you should screenshot and send to every client who ever said “we’ve got backups, we’re fine.”
Of the 900+ senior IT and security leaders surveyed, 90% said they were confident they could recover from a cyberattack within their defined recovery targets. But among those who actually experienced a ransomware attack, only 28% fully recovered all their data. On average, organisations recovered just 72% of what was affected. (Source: Veeam)
The gap between confidence and reality is your sales pitch. Not in a fear-mongering way (in a “let’s actually test your recovery and find out” way). The report found that organisations who increased their cybersecurity budgets were significantly more likely to fully recover (40% vs 16%) and were more likely to have invested in fundamentals like immutable storage and automated backups.
Backup is one of the easiest conversations for an MSP to have. This report gives you the numbers to have it properly. Something to think about over the weekend?
🟢 The MSP world just had its biggest conference ever… and the money is following
The Channel Partners Conference wrapped up in Las Vegas yesterday, and the official numbers are worth paying attention to.
The 2026 event drew a record 7,900+ registrants, with 40% attending for the first time.
The clear message from the event: billions of investment dollars are flowing into the MSP market as it evolves into an ecosystem of highly specialised, security-led and AI-focused professional service providers. (Source: Channel Partners)
The next event in the series is MSP Summit in Orlando, September 28-30. Are you going? Hit reply and let us know.
Somehow we’ve reached the end of another week. That’s your MSP Minute for Friday, and we’re back in your inbox on Monday morning. Have a great weekend.


