Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Staff Editor 2026-06-17
Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

Microsoft Working on Patch for ‘RoguePlanet’ Zero-Day

https://www.securityweek.com/microsoft-working-on-patch-for-rogueplanet-zero-day/

Publish Date: 2026-06-17 05:41:00

Source Domain: www.securityweek.com

Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation.

The security defect, now tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse).

“Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ‘RoguePlanet’,” the tech giant’s advisory reads.

“We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available,” Microsoft adds.

RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges.

The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed.

Advertisement. Scroll to continue reading.

Initially, Nightmare Eclipse noted, the bug could be abused for remote code execution (RCE), but some of the exploitation paths were closed in May, when Microsoft rolled out updates that hardened Defender.

The RoguePlanet PoC was reworked to circumvent these mitigations and can be unreliable. However, the researcher was confident that it could be refined to work at all times, even on Windows Server systems.  

On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender’s real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

Over the past couple of months, driven by discontent towards Microsoft’s vulnerability disclosure process, Nightmare Eclipse dropped several zero-day exploits targeting the company’s products, including BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), and UnDefend…

Source

More Stories

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Staff Editor 2026-06-19
The Attack Surface Your Security Team Isn’t Governing Yet

The Attack Surface Your Security Team Isn’t Governing Yet

Staff Editor 2026-06-19
Websites and portals are down as Mount Royal University responds to a cyber security incident

Websites and portals are down as Mount Royal University responds to a cyber security incident

Staff Editor 2026-06-19

Terms and Conditions - Privacy Policy