BlueHammer is an unpatched, publicly released Windows local privilege escalation exploit that chains Microsoft Defender's update workflow, Volume Shadow Copy, Cloud Files callbacks, and opportunistic locks to reach NT AUTHORITY\SYSTEM from a standard user account.