Microsoft Patches 'RoguePlanet' Defender Zero-Day After Public Disclosure
Microsoft has released an urgent security update to address a critical zero-day vulnerability, dubbed 'RoguePlanet,' affecting **Microsoft Defender**. Disclosed by the security researcher known as **Nightmare Eclipse**, the flaw allows attackers to gain SYSTEM privileges on fully patched Windows 10 and 11 devices, leveraging a race condition within the antivirus engine.
Following a public disclosure and the release of a proof-of-concept (PoC) exploit, **Microsoft** has rolled out a patch for a critical zero-day vulnerability in **Microsoft Defender**. Tracked as **CVE-2026-50656** and dubbed "RoguePlanet," the flaw was revealed by the security researcher **Nightmare Eclipse**.
The disclosure comes amidst an ongoing dispute between **Nightmare Eclipse** and **Microsoft** concerning the company's bug bounty and vulnerability disclosure protocols. The researcher shared a PoC exploit on a self-hosted Git repository, alleging that previous exploit repos were removed from **GitHub** and **GitLab** by **Microsoft**.
### RoguePlanet: A Race Condition for SYSTEM Privileges
**Nightmare Eclipse** detailed that "RoguePlanet" impacts fully updated Windows 10 and Windows 11 systems. The vulnerability exploits a race condition within **Microsoft Defender**, enabling an attacker to spawn a command prompt with SYSTEM privileges.
"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," explained **Nightmare Eclipse**. The researcher further clarified in a follow-up statement that "The PoC for RoguePlanet works regardless if real time protection is on or not."
**Microsoft** confirmed on June 16 that it was developing a patch for **CVE-2026-50656** but has not yet officially acknowledged **Nightmare Eclipse's** discovery of the vulnerability.
### Patch Delivered via Malware Protection Engine Update
On Wednesday, **Microsoft** addressed the "RoguePlanet" vulnerability by releasing **Microsoft Malware Protection Engine 1.1.26060.3008**. This update targets the core scanning engine powering **Microsoft's** security solutions and services.
"Microsoft has released an update to the Microsoft Malware Protection Engine that addresses the vulnerability identified by **CVE-2026-50656**. Please see the FAQ for more information on how to check if the new version has been installed," **Microsoft** stated in its advisory.
### A History of Disclosures and Discontent
**Nightmare Eclipse** has a track record of disclosing multiple Windows zero-day exploits in recent months. These include vulnerabilities such as **BlueHammer**, **RedSun**, **GreenPlasma**, **MiniPlasma**, **YellowKey**, and **UnDefend**.
While some of these flaws affect **Microsoft Defender**, others target **BitLocker** and other core Windows components. Notably, **Microsoft** patched the **GreenPlasma**, **MiniPlasma**, and **YellowKey** vulnerabilities a month prior, as part of the June 2026 Patch Tuesday updates.
**Microsoft** has also publicly reacted to **Nightmare Eclipse's** disclosures, issuing statements against what it described as "malicious activity causing real harm to our customers." This response has led some cybersecurity experts to interpret it as a direct threat against the security researcher.