Vulnerabilities

Microsoft Patches Defender ‘RoguePlanet’ Vulnerability

The privilege escalation vulnerability tracked as CVE-2026-50656 has been patched with a Microsoft Malware Protection Engine update.

Windows security

Microsoft has begun rolling out patches for a Defender vulnerability known as RoguePlanet, roughly one month after a researcher published a zero-day exploit for it.

Officially tracked as CVE-2026-50656, the vulnerability leverages a race condition, enabling an attacker to escalate privileges to System. 

A PoC exploit for RoguePlanet was made public on June 9 by a researcher known as Nightmare Eclipse (Chaotic Eclipse), who over the past months released several Windows exploits following a quarrel with Microsoft over the company’s handling of vulnerability reports. 

The researcher noted at the time that the exploit had not achieved a 100% success rate during testing, but it could be redesigned to become more stable.

Microsoft published an advisory for the vulnerability on June 16 and updated it on July 8 to inform customers about the availability of patches.

The tech giant said customers do not need to take any action, as the fix was delivered via a Microsoft Malware Protection Engine update, which should be deployed automatically. 

Advertisement. Scroll to continue reading.

In addition, the tech giant said the update that patches RoguePlanet also includes some unspecified “defense-in-depth updates to help improve security-related features”.

Following Microsoft’s patches for RoguePlanet, Nightmare Eclipse has again analyzed Defender and discovered new issues related to memory leaks and the handling of quarantined files. The researcher is trying to determine whether these findings can be exploited. 

There do not appear to be any reports describing exploitation of RoguePlanet, but some of the vulnerabilities disclosed by Nightmare Eclipse did end up being exploited in the wild, including those dubbed RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), and BlueHammer (CVE-2026-33825).

Related: Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Related: Critical Adobe ColdFusion Vulnerability Exploited in Attacks

Related: Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems

Related: CISA Urges Immediate Patching of Exploited ColdFusion, Langflow, Joomla Flaws

Related Content

Vulnerabilities

Buffer overflow, DoS, command injection, SSRF, authentication bypass, and other types of vulnerabilities have been found in PAN-OS software.

Artificial Intelligence

Wiz has disclosed the details of a new AI coding assistant attack method it has dubbed GhostApproval.

Vulnerabilities

The security refresh resolves 13 use-after-free bugs, including two critical-severity flaws found by Google.

Vulnerabilities

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device's web management interface.

Artificial Intelligence

The "Rogue Agent" vulnerability could have enabled attackers to silently manipulate AI conversations, exfiltrate data, and compromise every Dialogflow CX agent within the same...

Artificial Intelligence

Researchers show how attackers can use a crafted public GitHub Issue to trick AI-powered workflows into exposing data from private repositories without authentication.

Vulnerabilities

Attackers are exploiting the critical Gitea vulnerability CVE-2026-20896 to bypass authentication with a single HTTP header and access vulnerable repositories and secrets.

Vulnerabilities

Hackers are exploiting a recently patched critical vulnerability (CVE-2026-48282) in Adobe ColdFusion that carries a CVSS score of 10/10.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version