- Chaotic Eclipse launches the seventh Windows Zero Day, “RoguePlanet”, a few hours after Patch Tuesday
- The race condition exploit grants SYSTEM privileges; PoC confirmed viable by ThreatLocker
- Researcher continues public disclosures amid row with Microsoft, following BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma
Chaotic Eclipse, Microsoft’s mysterious security researcher with a grudge, has revealed another zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its recent record-breaking June Patch Tuesday cumulative update.
This is the seventh zero-day exploit revealed by Chaotic Eclipse in a few months. Called “RoguePlanet,” this bug is described as a “race condition vulnerability” that grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
The researcher published a proof-of-concept (PoC) exploit earlier this week in a self-hosted Git, after saying that the GitHub and GitLab repositories hosting previous work had been deleted by Microsoft.
Perform as described
“The exploit is a race condition, so it’s a fluke. I managed to get a 100% success rate on some machines while it struggled to work on others,” they explained.
Security researchers ThreatLocker confirmed to the publication that the flaw worked and even recorded a video to demonstrate how it worked.
“Our initial analysis confirms that the RoguePlanet exploit is viable and works as described. Organizations using application whitelisting can prevent the exploit from running, providing an effective layer of protection against this attack,” said Danny Jenkins, CEO of ThreatLocker. BeepComputer.
In early April 2026, Chaotic Eclipse revealed the discovery of BlueHammer, a Windows Defender elevation of privilege vulnerability. At the time, they said they were disclosing it because they were unhappy with how Microsoft had handled vulnerability disclosures.
“They cleaned the floor with me and played every childish game they could. It was so bad at one point that I wondered if I was dealing with a big corporation or someone who was just having fun watching me suffer, but it seemed like a collective decision,” they later explained.
In the meantime, six other vulnerabilities have been revealed: RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma. Microsoft released this month’s cumulative update for Patch Tuesday, fixing two of the flaws: GreenPlasma and YellowKey.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
