- Microsoft confirms RoguePlanet as CVE‑2026‑50656, an elevation‑of‑privilege flaw in Defender’s Malware Protection Engine
- Disclosed by Chaotic Eclipse as a race‑condition zero‑day granting SYSTEM privileges on fully patched Windows 10/11
- Seventh exploit in their campaign; PoC validated by ThreatLocker, with Microsoft promising a fix despite ongoing feud
Microsoft has assigned a unique identifier for the recently-disclosed RoguePlanet vulnerability and confirmed it is now working on a fix.
“Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as ‘RoguePlanet,’ the company said in a recently disclosed security advisory.
“We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”
Chaotic Eclipse’s grudge
A security researcher with the alias Chaotic Eclipse recently disclosed a zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update.
Chaotic Eclipse is waging a personal crusade against Microsoft, whom they’re accusing of being disrespectful and poorly handling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit they disclosed in a matter of months. This bug, described as a “race condition vulnerability”, grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
Before that, they also published BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws. Some of them affect Microsoft Defender, and some BitLocker and other Windows components.
They published a Proof-of-Concept (PoC) exploit in a self-hosted Git, after saying that both GitHub and GitLab repositories hosting earlier work got removed by Microsoft.
