TechRadar
Sead Fadilpašić

Microsoft says it's hard at work on a patch for this worrying Defender zero-day

  • Microsoft confirms RoguePlanet as CVE-2026-50656, an elevation-of-privilege flaw in Defender’s Malware Protection Engine
  • Disclosed by Chaotic Eclipse as a race-condition zero-day granting SYSTEM privileges on fully patched Windows 10/11
  • Seventh exploit in their campaign; PoC validated by ThreatLocker, with Microsoft promising a fix despite ongoing feud

Microsoft has assigned a unique identifier for the recently-disclosed RoguePlanet vulnerability and confirmed it is now working on a fix.

"Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender publicly referred to as 'RoguePlanet,'" the company said in a recently disclosed security advisory.

"We are working to provide a high quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available."

Chaotic Eclipse's grudge

A security researcher with the alias Chaotic Eclipse recently disclosed a zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update.

Chaotic Eclipse is waging a personal crusade against Microsoft, whom they’re accusing of being disrespectful and poorly handling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit they disclosed in a matter of months. This bug, described as a “race condition vulnerability”, grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.

Before that, they also published the BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend flaws. Some of them affect Microsoft Defender, while others affect BitLocker and other Windows components.

They published a Proof-of-Concept (PoC) exploit in a self-hosted Git repository, after saying that both GitHub and GitLab repositories hosting earlier work had been removed by Microsoft.

"The exploit is a race condition, so it's a hit or miss. I have managed to get a 100% success rate on some machines while it struggled to work on others," they explained. Security researchers ThreatLocker confirmed to the publication that the flaw works and even recorded a video to demonstrate how it works.

Microsoft now tracks RoguePlanet as CVE-2026-50656. Earlier, it said it considered legal action when people engage in “malicious activity causing real harm to our customers”. Chaotic Eclipse seems unfazed by these warnings, which some interpreted as threats.

Via BleepingComputer
