{"id":276419,"date":"2026-06-17T05:41:00","date_gmt":"2026-06-17T09:41:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/17\/microsoft-working-on-patch-for-rogueplanet-zero-day\/"},"modified":"2026-06-19T17:35:17","modified_gmt":"2026-06-19T21:35:17","slug":"microsoft-working-on-patch-for-rogueplanet-zero-day","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/17\/microsoft-working-on-patch-for-rogueplanet-zero-day\/","title":{"rendered":"Microsoft Working on Patch for &#8216;RoguePlanet&#8217; Zero-Day"},"content":{"rendered":"<p><a href=\"https:\/\/www.securityweek.com\/microsoft-working-on-patch-for-rogueplanet-zero-day\/\">Microsoft Working on Patch for &#8216;RoguePlanet&#8217; Zero-Day<\/a><\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/microsoft-working-on-patch-for-rogueplanet-zero-day\/\">https:\/\/www.securityweek.com\/microsoft-working-on-patch-for-rogueplanet-zero-day\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-17 05:41:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.securityweek.com\">www.securityweek.com<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation.<\/strong><\/p>\n<p class=\"wp-block-paragraph\">The security defect, now tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse).<\/p>\n<p class=\"wp-block-paragraph\">\u201cMicrosoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as \u2018RoguePlanet\u2019,\u201d the tech giant\u2019s advisory reads.<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available,\u201d Microsoft adds.<\/p>\n<p class=\"wp-block-paragraph\">RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges.<\/p>\n<p class=\"wp-block-paragraph\">The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed.<\/p>\n<p><span class=\"zox-ad-label\">Advertisement. Scroll to continue reading.<\/span><\/p>\n<p class=\"wp-block-paragraph\">Initially, Nightmare Eclipse noted, the bug could be abused for remote code execution (RCE), but some of the exploitation paths were closed in May, when Microsoft rolled out updates that hardened Defender.<\/p>\n<p class=\"wp-block-paragraph\">The RoguePlanet PoC was reworked to circumvent these mitigations and can be unreliable. However, the researcher was confident that it could be refined to work at all times, even on Windows Server systems.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender\u2019s real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.<\/p>\n<p class=\"wp-block-paragraph\">Over the past couple of months, driven by discontent towards Microsoft\u2019s vulnerability disclosure process, Nightmare Eclipse dropped several zero-day exploits targeting the company\u2019s products, including BlueHammer (CVE-2026-33825), RedSun (CVE-2026-41091), and UnDefend&#8230;<\/p>\n<p><a href=\"https:\/\/www.securityweek.com\/microsoft-working-on-patch-for-rogueplanet-zero-day\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Working on Patch for &#8216;RoguePlanet&#8217; Zero-Day https:\/\/www.securityweek.com\/microsoft-working-on-patch-for-rogueplanet-zero-day\/ Publish Date: 2026-06-17 05:41:00 Source Domain: www.securityweek.com&#8230;<\/p>\n","protected":false},"author":1,"featured_media":276420,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.securityweek.com\/wp-content\/uploads\/2025\/10\/Windows-10.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,32,27],"class_list":["post-276419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/276419"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=276419"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/276419\/revisions"}],"predecessor-version":[{"id":276421,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/276419\/revisions\/276421"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/276420"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=276419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=276419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=276419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}