- Microsoft confirms RoguePlanet as CVE‑2026‑50656, an elevation of privilege flaw in Defender’s malware protection engine
- Leaked by Chaotic Eclipse as a Zero Day Race Condition Granting SYSTEM Privileges on Windows 10/11 Fully Fixed
- Seventh exploit of their campaign; PoC validated by ThreatLocker, Microsoft promising a fix despite the ongoing feud
Microsoft has assigned a unique identifier to the recently revealed RoguePlanet vulnerability and confirmed that it is currently working on a fix.
“Microsoft is aware of an escalation of privilege in Microsoft’s malware protection engine in Microsoft Defender, publicly referred to as ‘RoguePlanet,’ the company said in a recently disclosed security advisory.
“We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”
Chaotic Eclipse’s Grudge
A security researcher going by the pseudonym Chaotic Eclipse recently revealed a zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update.
Chaotic Eclipse is waging a personal crusade against Microsoft, which they accuse of disrespect and mishandling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit disclosed in a few months. This bug, described as a “race condition vulnerability,” grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
Before that, they also released the BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend vulnerabilities. Some of them affect Microsoft Defender, as well as some BitLocker and other Windows components.
They released a proof-of-concept (PoC) exploit in a self-hosted Git, after stating that the GitHub and GitLab repositories hosting previous work had been removed by Microsoft.
“The exploit is a race condition, so it’s a fluke. I managed to get a 100% success rate on some machines while it struggled to work on others,” they explained. Security researchers ThreatLocker confirmed to the publication that the flaw worked and even recorded a video to demonstrate how it worked.
Microsoft is now tracking RoguePlanet as CVE-2026-50656. Earlier, the company said it would consider taking legal action when people engaged in “malicious activity that causes actual harm to our customers.” Chaotic Eclipse does not appear to be heeded by these warnings, which some have interpreted as threats.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
