Microsoft patches RoguePlanet Defender zero-day vulnerability
Key Points:
- Microsoft released a security patch via the Microsoft Malware Protection Engine update (version 1.1.26060.3008) to fix the Defender zero-day vulnerability known as "RoguePlanet" (CVE-2026-50656).
- The flaw, disclosed by security researcher "Nightmare Eclipse" after the June 2026 Patch Tuesday, allows attackers to spawn a SYSTEM-privileged command prompt on fully patched Windows 10 and 11 devices through a race condition in Microsoft Defender.
- Nightmare Eclipse shared a proof-of-concept exploit publicly and criticized Microsoft's bug bounty and vulnerability disclosure policies, claiming Microsoft had removed their previous exploit repositories from GitHub and GitLab.
- Microsoft confirmed working on a patch since June 16 but has not acknowledged Nightmare Eclipse as the vulnerability's discoverer.
- Nightmare Eclipse has disclosed multiple other Windows zero-day vulnerabilities recently, with Microsoft having patched some, including GreenPlasma, MiniPlasma, and YellowKey, in the June 2026 updates.