Vulnerability Details
Microsoft has confirmed a critical zero day vulnerability in Microsoft Defender, tracked as CVE-2026-50656 and nicknamed RoguePlanet. The flaw exists in the Microsoft Malware Protection Engine and carries a CVSS score of 7.8. It is classified as an Elevation of Privilege vulnerability caused by a Time of Check to Time of Use race condition. An attacker can exploit this timing window between file path verification and action to spawn a command prompt with SYSTEM level privileges on fully patched Windows 10 and Windows 11 systems.
Public Exploit and Impact
The exploit was first released on June 10, 2026 by a researcher using the aliases Nightmare Eclipse and Chaotic Eclipse. ThreatLocker independently reproduced the exploit and confirmed it works on systems with the June 2026 cumulative update KB5094126. Alarmingly, the proof of concept functions regardless of whether Defender’s Real Time Protection is enabled or disabled, and may even work in passive mode. Signature based detection has proven ineffective as minor modifications can bypass mitigations. Microsoft rates this as “Exploitation More Likely” on its Exploitability Index, though it has not yet been observed in the wild.
Patch Status
Microsoft’s Security Response Center stated they are working to provide a high quality security update that addresses this vulnerability. No specific patch release date has been announced. The CVE advisory will be updated once the security update becomes available.
Source: Cyber Security News
