Microsoft has released a security update to fix the RoguePlanet vulnerability, a Microsoft Defender zero-day disclosed shortly after the June 2026 Patch Tuesday.
Security researcher Nightmare Eclipse publicly disclosed the flaw, tracked as CVE-2026-50656, during an ongoing dispute with Microsoft over its vulnerability disclosure and bug bounty practices.
RoguePlanet Vulnerability Affected Fully Patched Systems
According to Nightmare Eclipse, the RoguePlanet vulnerability affected fully patched Windows 10 and Windows 11 systems.
The researcher says attackers could exploit a race condition in Microsoft Defender to launch a command prompt with SYSTEM privileges, giving them the highest level of access on the affected device.
Nightmare Eclipse also published a proof-of-concept (PoC) exploit in a self-hosted Git repository.
The researcher claims Microsoft previously removed repositories containing similar exploits from GitHub and GitLab.
Exploit Success Varied Between Systems
Nightmare Eclipse described the exploit as a race condition, meaning successful exploitation depended on timing.
According to the researcher, some systems consistently executed the exploit successfully, while others proved far less reliable.
The researcher also said the proof-of-concept worked regardless of whether Microsoft Defender’s real-time protection was enabled.
Microsoft Released a Defender Engine Update
Microsoft acknowledged on June 16 that it was developing a fix for CVE-2026-50656.
However, the company has not publicly credited Nightmare Eclipse for discovering the vulnerability.
On Wednesday, Microsoft released Microsoft Malware Protection Engine version 1.1.26060.3008, which fixes the issue.
The Malware Protection Engine serves as the core scanning component behind Microsoft Defender and several other Microsoft security products.
Microsoft confirmed that the updated engine resolves the RoguePlanet vulnerability and advised customers to verify they are running the latest version.
Researcher Previously Disclosed Multiple Windows Zero-Days
Nightmare Eclipse has disclosed several Windows zero-day vulnerabilities over the past few months.
Those include:
- BlueHammer
- RedSun
- GreenPlasma
- MiniPlasma
- YellowKey
- UnDefend
Some of the vulnerabilities affected Microsoft Defender, while others targeted BitLocker and additional Windows components.
Microsoft patched the GreenPlasma, MiniPlasma, and YellowKey flaws during the June 2026 Patch Tuesday release.
Ongoing Dispute Over Vulnerability Disclosures
The disclosures have also fueled tensions between Microsoft and the researcher.
Microsoft has warned that individuals engaging in what it describes as malicious activity that harms customers could face legal action.
Those statements led some cybersecurity experts to believe the company was directing the warnings at Nightmare Eclipse following the public release of several proof-of-concept exploits.
The latest patch closes the RoguePlanet vulnerability, but the disagreement over vulnerability disclosure practices between Microsoft and the researcher continues.


0 responses to “Microsoft Fixes RoguePlanet Defender Zero-Day Vulnerability”