
Microsoft working on Defender patch for RoguePlanet zero-day

Why This Matters

The discovery of the RoguePlanet zero-day vulnerability in Microsoft Defender highlights ongoing security challenges in widely used Windows security tools. Microsoft's active development of a patch underscores the importance of timely updates to protect users from potential exploitation, especially as attackers may leverage such flaws for privilege escalation. This incident emphasizes the need for continuous vigilance and rapid response in cybersecurity to safeguard consumer and enterprise systems.

Key Takeaways

Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago.

The security researcher known as Nightmare Eclipse, who published a RoguePlanet exploit during the June 2026 Patch Tuesday, said it affects fully patched Windows 10 and Windows 11 devices and allows attackers to spawn command prompts with SYSTEM privileges via a Microsoft Defender race condition.

The researcher shared a proof-of-concept exploit in a self-hosted Git repository, claiming that Microsoft had previously targeted and removed their repos hosting exploits on GitHub and GitLab.

"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," Nightmare Eclipse said. "The PoC for RoguePlanet works regardless if real time protection is on or not," they added in a Tuesday update.

"Microsoft is aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims. Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible," a Microsoft spokesperson told BleepingComputer when asked for a statement at the time.

Now tracked as CVE-2026-50656, waiting for a patch

On Tuesday, one week after the RoguePlanet flaw was disclosed, Microsoft assigned the CVE-2026-50656 ID to this security flaw and confirmed it's currently working on a patch, but didn't acknowledge that Nightmare Eclipse was the one who found the vulnerability.

"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as 'RoguePlanet,'" it said in an advisory published yesterday. "We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available."

The RoguePlanet release is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the latter's bug bounty and vulnerability disclosure practices.

Over the past several months, the researcher has publicly leaked multiple Windows zero-day exploits, including for the BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws. Some of these zero-days affect Microsoft Defender, while others target BitLocker and Windows components.
