Microsoft has released a security patch for a Defender zero-day vulnerability called RoguePlanet, tracked as CVE-2026-50656, which was disclosed by researcher Nightmare Eclipse as part of an ongoing dispute over Microsoft's bug bounty practices. The flaw affects fully patched Windows 10 and Windows 11 devices, allowing attackers to spawn a SYSTEM-level command prompt through a race condition in Microsoft Defender, regardless of whether real-time protection is enabled. The patch was delivered through an update to the Microsoft Malware Protection Engine version 1.1.26060.3008.
Nightmare Eclipse shared a proof-of-concept exploit in a self-hosted Git repository after Microsoft removed their previous exploit-hosting repos from GitHub and GitLab. Microsoft confirmed it was working on a patch for CVE-2026-50656 on June 16 but has not acknowledged the researcher's discovery. The researcher noted the exploit has variable success rates across different machines.
This follows a series of Windows zero-day disclosures from the same researcher, including BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend, with GreenPlasma, MiniPlasma, and YellowKey patched in the June 2026 Patch Tuesday updates. Microsoft has issued warnings of legal action against what it describes as malicious activity causing harm to customers, leading experts to believe the company is directly threatening the researcher. The RoguePlanet disclosure continues the pattern of public exploits being released amid ongoing tensions between the security community and Microsoft.
Read more...
