Microsoft Confirms Defender Zero-Day CVE-2026-50656 Bypasses Protections

A fully functional exploit for a Microsoft Defender privilege escalation flaw works on patched systems and bypasses signature-based detection.

CSBadmin

Vulnerability Details

Microsoft has confirmed a critical zero-day vulnerability in Microsoft Defender, tracked as CVE-2026-50656 and nicknamed RoguePlanet. The flaw exists in the Microsoft Malware Protection Engine and carries a CVSS score of 7.8. It is classified as an Elevation of Privilege vulnerability caused by a Time-of-Check to Time-of-Use (TOCTOU) race condition. An attacker can exploit the timing window between file path verification and the subsequent action to spawn a command prompt with SYSTEM-level privileges on fully patched Windows 10 and Windows 11 systems.

Public Exploit and Impact

The exploit was first released on June 10, 2026, by a researcher using the aliases Nightmare Eclipse and Chaotic Eclipse. ThreatLocker independently reproduced the exploit and confirmed it works on systems with the June 2026 cumulative update KB5094126. Alarmingly, the proof of concept functions regardless of whether Defender's Real-Time Protection is enabled or disabled, and may even work in passive mode. Signature-based detection has proven ineffective, as minor modifications can bypass mitigations. Microsoft rates this as "Exploitation More Likely" on its Exploitability Index, though it has not yet been observed in the wild.

Patch Status

Microsoft's Security Response Center stated that it is working to provide a high-quality security update that addresses this vulnerability. No specific patch release date has been announced. The CVE advisory will be updated once the security update becomes available.

Source: Cyber Security News
