Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

Ravie LakshmananJun 10, 2026Zero-Day / Vulnerability

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet.

“The exploit is a race condition, so it’s a hit or miss,” the researcher, who published the exploit under a new GitHub account, “MSNightmare” said. “I have managed to get a 100% success rate on some machines while it struggled to work on others.”

Should the exploit succeed, the result is a shell with SYSTEM-level privileges, granting the attacker the ability to run arbitrary code or perform unauthorized actions.

The researcher said the exploit has been tested on Windows 11 and 10 machines with the June 2026 Patch Tuesday updates installed, meaning the exploit works on the up-to-date versions of the desktop operating system.

That said, the exploit does not work on Windows Server instances in its current form since “standard users cannot mount an ISO image.” Chaotic Eclipse emphasized that Windows Server installations are also vulnerable to the flaw and that the exploit needs to be redesigned for it to work.

“Getting this PoC to work genuinely drained my soul, it severely degraded my mental and physical health but in the end of May [sic], a full PoC was developed,” the researcher said.

“Microsoft’s efforts to protect Defender from path redirection attacks are useless, I have a batch of memory corruption vulnerabilities in defender as well and not to mention the other batch of vulnerabilities I have in several other components.”