← All stories
● Covered by 1 source Β· 1 reportHigh impact

Microsoft patches RoguePlanet Defender zero-day vulnerability

Aggregated by BrevFeed security Β· updated 1h ago
πŸ”– Save

Microsoft has released a security patch to address the RoguePlanet vulnerability (CVE-2026-50656) affecting Windows 10 and 11 devices. The flaw allows attackers to gain SYSTEM privileges through a race condition in Microsoft Defender, posing a significant security risk.

Key points

Vulnerability Details

The RoguePlanet vulnerability, disclosed after the June 2026 Patch Tuesday, allows exploitation of a race condition in Microsoft Defender on fully patched Windows 10 and 11 devices. This flaw enables attackers to open a command prompt with SYSTEM privileges.

Researcher Background and Disclosure

The vulnerability was revealed by a researcher known as Nightmare Eclipse, who has been involved in an ongoing dispute with Microsoft concerning its bug bounty and vulnerability disclosure policies. Nightmare Eclipse shared a proof-of-concept exploit but alleges that Microsoft previously removed similar exploits from hosting platforms.

Microsoft's Response and Patch Release

On June 16, Microsoft confirmed it was addressing CVE-2026-50656. The patch was officially released on June 23 via an update to the Microsoft Malware Protection Engine. This update seeks to mitigate the vulnerability and advises users on how to verify the installation of the new version.

Context of Ongoing Vulnerability Disclosures

Nightmare Eclipse has previously disclosed several other zero-day vulnerabilities in Windows, including flaws named BlueHammer, RedSun, and GreenPlasma. Microsoft's recent updates have addressed some of these issues, indicating an ongoing focus on resolving security weaknesses in its systems.

Microsoft's Stance on Security Research

Following these disclosures, Microsoft has warned of potential legal action against actions it views as malicious. This has drawn criticism and concern from cybersecurity experts regarding the implications for security research and public disclosure practices.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub Nightmare-Eclipse/UnDefend CVE CVE-2026-506567.8 HIGH

Reporting from

Microsoft has released a security patch to address the RoguePlanet vulnerability (CVE-2026-50656) affecting Windows 10 and 11 devices. The flaw allows attackers to gain SYSTEM privileges through a race condition in Microsoft Defender, posing a significant security risk.