Microsoft has confirmed that it is working on a security patch for a zero-day vulnerability in Defender named RoguePlanet that was made public a week ago.
Security researchers known as Nightmare Eclipse, who published the RoguePlanet exploit during June 2026 Patch Tuesday, said the vulnerability impacts fully patched Windows 10 and Windows 11 devices and allows an attacker to spawn a command prompt with SYSTEM privileges via a race condition in Microsoft Defender.
He shared a proof-of-concept exploit on self-hosted Git repositories and claimed that Microsoft had previously targeted and removed repositories hosting the exploits on GitHub and GitLab.
“This exploit is race-based, so it is hit and miss. We had a 100% success rate on some machines, but not on others,” said Nightmare Eclipse. “RoguePlanet’s PoC works whether or not real-time protection is turned on,” they added in Tuesday’s update.
“Microsoft is aware of the reported vulnerabilities and is actively investigating the validity and potential applicability of these claims. Microsoft is committed to investigating security issues and updating affected products as quickly as possible to protect our customers,” a Microsoft spokesperson told BleepingComputer when asked for a statement at the time.
Currently tracked as CVE-2026-50656 and awaiting a patch.
On Tuesday, a week after the RoguePlanet flaw was made public, Microsoft assigned the security flaw the CVE-2026-50656 ID and confirmed it was working on a patch, but did not confirm that Nightmare Eclipse had discovered the vulnerability.
“Microsoft is publicly aware of an elevation of privilege in Microsoft Defender’s Microsoft Malware Protection Engine, known as ‘RoguePlanet,’” it said in an advisory published yesterday.
The release of RoguePlanet is part of an ongoing dispute between Nightmare Eclipse and Microsoft over the latter’s bug bounty and vulnerability disclosure practices.
Over the past few months, the researcher has publicly leaked several Windows zero-day exploits, including BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend. Some of these zero-days affect Microsoft Defender, while others target BitLocker and Windows components.
The company reacted to the Nightmare Eclipse disclosures by issuing a warning of legal action if people engage in “malicious activity that results in real harm to our customers,” leading cybersecurity experts and researchers to believe that Microsoft was threatening researchers.
Microsoft last week fixed the GreenPlasma, MiniPlasma, and YellowKey flaws as part of the June 2026 Patch Tuesday update.

