- Microsoft confirms RoguePlanet as CVE-2026-50656, an elevation of privilege flaw in the Defender malware protection engine
- Revealed by Chaotic Eclipse as a zero-day race condition granting SYSTEM privileges in fully patched Windows 10/11
- Seventh zero-day disclosure in their campaign; PoC validated by ThreatLocker, and Microsoft promises a fix despite the ongoing dispute
Microsoft has assigned a unique identifier to the recently disclosed RoguePlanet vulnerability and confirmed that it is now working on a fix.
“Microsoft is aware of an escalation of privileges in Microsoft’s malware protection engine in Microsoft Defender, publicly called ‘RoguePlanet,’” the company said in a recently published security advisory.
“We are working to provide a high-quality security update that addresses this vulnerability. We will provide information on this CVE when the update is available.”
The Grudge of the Chaotic Eclipse
A security researcher with the alias Chaotic Eclipse recently revealed a zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update.
Chaotic Eclipse is waging a personal crusade against Microsoft, which they accuse of being disrespectful and of mishandling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit they have revealed in a matter of months. This bug, described as a “race condition vulnerability,” grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
Before that, they also published the bugs named BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey, and UnDefend. Some of them affect Microsoft Defender and some affect BitLocker and other Windows components.
They published a proof-of-concept (PoC) exploit on a self-hosted Git server, after saying that Microsoft removed GitHub and GitLab repositories that hosted previous work.
“The exploit is a race condition, so it’s a hit or miss. I’ve managed to get a 100% success rate on some machines while on others it was struggling to function,” they explained. ThreatLocker security researchers confirmed to the publication that the flaw works and even recorded a video demonstrating it.
Microsoft now tracks RoguePlanet as CVE-2026-50656. It previously said it considered taking legal action when people engaged in “malicious activity that causes real harm to our customers.” Chaotic Eclipse seems unfazed by these warnings, which some interpreted as threats.
Via BleepingComputer





