Particle.news

Researcher Publishes ‘BlueHammer’ Windows Zero-Day Exploit With No Patch

Public release without a patch raises the chance of fast Windows takeovers.

Overview

  • The BlueHammer exploit, which hit GitHub on Friday, was posted by a researcher using the aliases Chaotic Eclipse and Nightmare‑Eclipse after a dispute with Microsoft’s bug team.
  • Security analysts, including Will Dormann, verified it as a local privilege‑escalation (LPE) flaw: it combines a time‑of‑check/time‑of‑use (TOCTOU) race with path confusion to reach the Security Account Manager (SAM) hive, which normally only SYSTEM can read.
  • Reading the SAM database lets an attacker extract the hashes of local account passwords; from there the proof‑of‑concept escalates the attacker's foothold to full SYSTEM control of the device.
  • The proof‑of‑concept is unreliable by design, with the author citing built‑in bugs and testers reporting failures on Windows Server.
  • Microsoft has not shipped a fix and offered only a general statement about investigating reports, leaving a live zero‑day. Because it is a local privilege escalation rather than a remote exploit, an attacker still needs an initial foothold, but one gained through phishing, credential theft, or a compromised application would be enough to chain into it.