Skip to content

Microsoft Rushes to Patch RoguePlanet Zero-Day Vulnerability in Microsoft Defender

Microsoft has confirmed that it’s working on a security patch for the RoguePlanet zero-day vulnerability in Microsoft Defender. The vulnerability affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn command prompts with SYSTEM privileges via a Microsoft Defender race condition.

The security researcher who published a RoguePlanet exploit during the June 2026 Patch Tuesday (known as Nightmare Eclipse) shared a proof-of-concept exploit in a self-hosted Git repository. The PoC for RoguePlanet works regardless if real-time protection is on or not, according to the researcher.

Microsoft has assigned the CVE-2026-50656 ID to this security flaw and confirmed it’s currently working on a patch. However, the company didn’t acknowledge that Nightmare Eclipse was the one who found the vulnerability. Instead, Microsoft referred to it as an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender.

The RoguePlanet release is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the latter’s bug bounty and vulnerability disclosure practices. The researcher has publicly leaked multiple Windows zero-day exploits in recent months, including for the BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws.

Microsoft fixed the GreenPlasma, MiniPlasma, and YellowKey flaws last week as part of the June 2026 Patch Tuesday updates. The company’s actions have led cybersecurity experts and researchers to believe that Microsoft is threatening the researcher with legal action for engaging in responsible disclosure practices.

The RoguePlanet vulnerability highlights the ongoing tension between Microsoft and Nightmare Eclipse. While Microsoft has acknowledged the existence of the flaw, it has not provided any details on how the vulnerability was discovered or exploited. The lack of transparency has raised concerns among cybersecurity experts, who argue that Microsoft’s response to the vulnerability is inadequate.

In a statement, Microsoft said that it takes all reported vulnerabilities seriously and is working to address the issue as quickly as possible. However, the company did not provide any further information on the status of the patch or when it can be expected.

The RoguePlanet vulnerability affects Windows 10 and Windows 11 devices running fully patched versions of Microsoft Defender. The vulnerability allows attackers to spawn command prompts with SYSTEM privileges, which can lead to a range of malicious activities, including data theft and system compromise.

Cybersecurity experts have expressed concerns that the RoguePlanet vulnerability is not an isolated incident, but rather a symptom of a larger issue with Microsoft’s bug bounty program. The company has been criticized for its handling of vulnerabilities in recent months, with some researchers accusing Microsoft of threatening them with legal action for engaging in responsible disclosure practices.

The RoguePlanet vulnerability serves as a reminder that cybersecurity is a complex and ever-evolving field. As new threats emerge, it’s essential for companies like Microsoft to prioritize transparency and collaboration with the security research community. By doing so, they can work together to address vulnerabilities and improve the overall security of their products.

Source: Original article

Leave a Reply

Your email address will not be published. Required fields are marked *