SecurityXP

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

· 3 min read · SecurityXP

“I think it even works in the case of passive mode, but not really sure, haven’t tested that.”

Microsoft told The Hacker News last week that it’s aware of the reported vulnerability and that it’s “actively investigating the validity and potential applicability of these claims.”

RoguePlanet is the fourth Defender vulnerability disclosed by Chaotic Eclipse after BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091), all of which have since been patched by Microsoft. The issue is tracked as CVE-2026-50656, CVE-2026-33825, CVE-2026-45498. It carries a CVSS score of 3.1 (LOW).

The Vulnerability

The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.

The advisory reads: “We are working to provide a high-quality security update that addresses this vulnerability.” The development comes nearly a week after a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse) released RoguePlanet, describing the exploit as a race condition that grants attackers a shell with SYSTEM-level privileges.

Microsoft has acknowledged the RoguePlanet zero-day affecting Microsoft Defender, tracked as CVE-2026-50656 (CVSS score of 7.8).

RoguePlanet is the latest vulnerability disclosed by researcher Chaotic Eclipse, following BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091).

“Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as ‘RoguePlanet,’” a spokesperson said.

Technical Details

CVEs:

Severity:

  • CVSS 3.1, LOW

Technical specifics on the underlying mechanism remain under review by security researchers.

Risk & Exposure

The company stated it is aware of the issue and is actively developing a security update to address the flaw and protect affected systems. The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable. The researcher also alleged that Microsoft Defender remains vulnerable and claimed to have discovered additional memory corruption flaws and other security issues affecting multiple components.

Timeline

| Date | Event |
|---|---|
| 2026 | I think it even works in the case of passive mode, but not really sure, haven’t tested that.” Microsoft told The Hack… |
| 2026 | The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tu… |
| 2026 | RoguePlanet is the latest vulnerability disclosed by researcher Chaotic Eclipse, following BlueHammer (CVE-2026-33825… |
| June 10, 2026 | RoguePlanet was first released on June 10, 2026, just hours after Microsoft concluded its June 2026 Patch Tuesday rol… |
| 2026 | The vulnerability affects fully patched Windows 10 and Windows 11 systems, including those running the June 2026 cumu… |

Patching & Remediation

  1. Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet.

  2. The company stated it is aware of the issue and is actively developing a security update to address the flaw and protect affected systems.

  3. The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable.

  4. In an update published on Tuesday, the researcher said the RoguePlanet PoC works even with Microsoft Defender real-time protection disabled or enabled, and likely in passive mode too.

  5. “We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available,” reads the advisory.

Analysis

This disclosure adds to a growing pattern of critical vulnerabilities affecting enterprise infrastructure.

Sources

  1. https://github.com/MSNightmare/RoguePlane
  2. https://nvd.nist.gov/vuln/detail/CVE-2026-50656
  3. https://nvd.nist.gov/vuln/detail/CVE-2026-33825
  4. https://nvd.nist.gov/vuln/detail/CVE-2026-45498
  5. https://nvd.nist.gov/vuln/detail/CVE-2026-41091
  6. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656
  7. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
  8. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45498
  9. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091