Microsoft Patches Defender ‘RoguePlanet’ Vulnerability

  Rassegna Stampa, Security
image_pdfimage_print

Microsoft has begun rolling out patches for a Defender vulnerability known as RoguePlanet, roughly one month after a researcher published a zero-day exploit for it.

Officially tracked as CVE-2026-50656, the vulnerability leverages a race condition, enabling an attacker to escalate privileges to System. 

A PoC exploit for RoguePlanet was made public on June 9 by a researcher known as Nightmare Eclipse (Chaotic Eclipse), who over the past months released several Windows exploits following a quarrel with Microsoft over the company’s handling of vulnerability reports. 

The researcher noted at the time that the exploit had not achieved a 100% success rate during testing, but it could be redesigned to become more stable.

Microsoft published an advisory for the vulnerability on June 16 and updated it on July 8 to inform customers about the availability of patches.

The tech giant said customers do not need to take any action, as the fix was delivered via a Microsoft Malware Protection Engine update, which should be deployed automatically. 

Advertisement. Scroll to continue reading.

In addition, the tech giant said the update that patches RoguePlanet also includes some unspecified “defense-in-depth updates to help improve security-related features”.

Following Microsoft’s patches for RoguePlanet, Nightmare Eclipse has again analyzed Defender and discovered new issues related to memory leaks and the handling of quarantined files. The researcher is trying to determine whether these findings can be exploited. 

There do not appear to be any reports describing exploitation of RoguePlanet, but some of the vulnerabilities disclosed by Nightmare Eclipse did end up being exploited in the wild, including those dubbed RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), and BlueHammer (CVE-2026-33825).

Related: Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Related: Critical Adobe ColdFusion Vulnerability Exploited in Attacks

Related: Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems

Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

https://www.securityweek.com/microsoft-patches-defender-rogueplanet-vulnerability/