TOCTOU

BlueHammer: Unpatched Windows Defender Zero-Day Turns Definition Updates Into SYSTEM Shells

A disgruntled researcher leaked BlueHammer, a Windows Defender LPE zero-day that chains TOCTOU race conditions with Cloud Files oplocks to dump SAM hives and escalate to SYSTEM. No patch available.