RoguePlanet Exploit Grants SYSTEM Access Through Microsoft Defender

A race condition exploit targeting Microsoft Defender can grant SYSTEM-level access on fully patched Windows 10 and 11 systems.

CSBadmin

Exploit Mechanics

A security researcher known as Chaotic Eclipse has released a proof-of-concept exploit for a zero-day vulnerability in Microsoft Defender, dubbed RoguePlanet. The attack relies on a race condition that, when successful, elevates privileges to SYSTEM level, allowing an attacker to run arbitrary code on the target machine. The researcher published the exploit under a new GitHub account named MSNightmare, noting that it succeeds 100% of the time on some systems and gives inconsistent results on others.

The exploit was tested on fully patched Windows 11 and Windows 10 machines with the June 2026 Patch Tuesday updates installed. Windows Server installations are also vulnerable, though the current version of the exploit does not work on them because standard users cannot mount ISO images. The researcher indicated the exploit would need to be redesigned for server environments.

Broader Context

RoguePlanet is the latest in a series of vulnerabilities disclosed by Chaotic Eclipse, following previous flaws including BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091). Security researcher Will Dormann confirmed the exploit worked on his first attempt, though he noted it is not 100% reliable. The uncoordinated disclosures appear to stem from a breakdown in communication between the researcher and Microsoft, with Chaotic Eclipse describing the development process as mentally and physically draining.

Source: The Hacker News
