Microsoft Patches RoguePlanet Flaw in Defender Engine Update
Microsoft Defender RoguePlanet vulnerability has been patched after a zero-day flaw was disclosed following the June 2026 Patch Tuesday updates.
The vulnerability, tracked as CVE-2026-50656, reportedly affected fully patched Windows 10 and Windows 11 systems. Microsoft has now addressed the issue through an updated Microsoft Malware Protection Engine.
RoguePlanet could allow SYSTEM-level privileges
RoguePlanet involves a race condition in Microsoft Defender. According to the researcher who disclosed the flaw, attackers could potentially exploit it to gain SYSTEM-level privileges on affected Windows devices.
The researcher said the exploit did not behave the same way on every system. It was inconsistent on some machines but highly reliable on others.
More concerning, the researcher claimed the flaw could work regardless of whether Microsoft Defender real-time protection was enabled.
The disclosure drew attention because RoguePlanet reportedly worked on fully patched Windows 10 and Windows 11 systems after the June 2026 Patch Tuesday updates.
That means users who had already installed the latest monthly Windows security updates may still have needed the separate Defender engine update to close the vulnerability.
Microsoft patched CVE-2026-50656
Microsoft fixed the issue in Microsoft Malware Protection Engine version 1.1.26060.3008.
The Malware Protection Engine powers Microsoft Defender and several other Microsoft security products, so the update matters for both consumer and enterprise environments.
Microsoft says the engine update addresses CVE-2026-50656. Users and IT admins should confirm that their devices have received the latest Malware Protection Engine version.
This is not the first exploit disclosed by the same researcher. They were also linked to the earlier BlueHammer exploit, which has been used in ransomware attacks.
With the rapid advancement of AI-driven attack techniques, the risk of delaying security updates is greater than ever, as threat actors can more quickly identify and exploit newly disclosed vulnerabilities.
Microsoft has repeatedly advised users and organizations not to postpone updates, emphasizing that the timely installation of both Windows patches and Defender engine updates is critical to maintaining protection against evolving threats.
Via BleepingComputer
Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more
User forum
0 messages