Microsoft Confirms RoguePlanet Defender Zero-Day, Patch in Development

Microsoft has confirmed that it is working on a security update for a newly disclosed Microsoft Defender zero-day vulnerability known as RoguePlanet, which can reportedly grant attackers SYSTEM-level privileges on fully patched Windows 10 and Windows 11 systems.

Microsoft is actively working on a fix for the RoguePlanet Defender zero-day

The vulnerability, now tracked as CVE-2026-50656, affects the Microsoft Malware Protection Engine used by Microsoft Defender. Security researcher Nightmare Eclipse disclosed the flaw, describing it as a race condition that allows attackers to spawn command prompt windows with elevated SYSTEM privileges.

According to the researcher, the exploit can be unreliable because it depends on precise timing. However, they claim the vulnerability works even when Microsoft Defender’s real-time protection feature is disabled, potentially expanding the number of affected systems.

Microsoft initially acknowledged the report and said it was investigating the claims. The company has now confirmed that CVE-2026-50656 is an elevation of privilege vulnerability and stated that it is working on a high-quality security update to address the issue.

At the time of writing, Microsoft has not released a security patch for CVE-2026-50656. The company has not provided a timeline for when the fix will become available.

The disclosure also highlights the long-running history between Microsoft and Nightmare Eclipse. Microsoft did not credit the researcher in its advisory. The two have previously clashed over vulnerability disclosures, including Microsoft’s decision to ban Nightmare Eclipse from GitHub after a series of Windows exploit releases and an earlier dispute in which Microsoft later backtracked on legal threats related to the YellowKey zero-day disclosure.

Follows recent Defender security fixes

The new vulnerability comes shortly after Microsoft addressed several other Microsoft Defender-related security issues during the June 2026 Patch Tuesday updates.

Those updates included fixes for the previously disclosed GreenPlasma, MiniPlasma, and YellowKey proof-of-concept exploits, along with more than 200 other vulnerabilities across Microsoft’s software portfolio.

Security researchers and system administrators are now waiting for Microsoft’s upcoming update to determine how broadly RoguePlanet can be exploited in real-world attacks and whether any temporary mitigations will be recommended before a patch becomes available.

Via BleepingComputer