Bleeping Computer reports that Microsoft has released a security patch to address a zero-day vulnerability in Microsoft Defender, known as "RoguePlanet," which was disclosed after the June 2026 Patch Tuesday.The vulnerability, tracked as CVE-2026-50656, was revealed by a security researcher using the handle "Nightmare Eclipse." The researcher also shared a proof-of-concept exploit, claiming that Microsoft had previously removed their exploit repositories from platforms like GitHub and GitLab. According to Nightmare Eclipse, RoguePlanet affects fully patched Windows 10 and Windows 11 devices. It allows attackers to spawn a command prompt with SYSTEM privileges through a race condition within Microsoft Defender. Microsoft confirmed it was working on a patch and has since released an update to the Microsoft Malware Protection Engine, version 1.1.26060.3008, to address the flaw.This incident follows a series of other zero-day disclosures by Nightmare Eclipse, including vulnerabilities affecting BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend. Microsoft has previously issued warnings of legal action against individuals engaging in activities that cause harm to customers, leading to speculation that these warnings were directed at the researcher.Source: Bleeping Computer
Vulnerability Management
Microsoft releases patch for Defender zero-day vulnerability RoguePlanet

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



