- Chaotic Eclipse releases Windows’ seventh zero-day, “RoguePlanet,” hours after Patch Tuesday
- Race condition exploit grants SYSTEM privileges; PoC confirmed viable by ThreatLocker
- The researcher continues with public revelations in the midst of a dispute with Microsoft, after BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma.
Chaotic Eclipse, the mysterious security researcher with a grudge against Microsoft, revealed another zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its recent record-breaking June Patch Tuesday cumulative update.
This is the seventh zero-day exploit that Chaotic Eclipse has revealed in a matter of months. This bug, dubbed “RoguePlanet,” is described as a “race condition vulnerability” that grants attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
The researcher published a proof-of-concept (PoC) exploit earlier this week in a self-hosted Git, after saying that Microsoft removed GitHub and GitLab repositories that hosted previous work.
Working as described
“The exploit is a race condition, so it’s a hit or miss. I’ve managed to get a 100% success rate on some machines while on others it was struggling to function,” they explained.
ThreatLocker security researchers confirmed to the publication that the flaw works and even recorded a video to demonstrate how it works.
“Our initial analysis confirms that the RoguePlanet exploit is viable and works as described. Organizations that use the allowed application list can prevent the exploit from executing, providing an effective layer of protection against this attack,” said Danny Jenkins, CEO of ThreatLocker. beepcomputer.
In early April 2026, Chaotic Eclipse revealed to have found BlueHammer, a Windows Defender privilege escalation vulnerability. At the time, they said they were leaking it because they were dissatisfied with the way Microsoft handled vulnerability disclosures.
“They mopped the floor with me and used every playground they could. It was so bad that at some point I wondered if I was dealing with a huge corporation or someone who just had fun watching me suffer, but it seems to be a collective decision,” they later explained.
Meanwhile, six more flaws were revealed: RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma; Microsoft released this month’s Patch Tuesday cumulative update, fixing two of the flaws: GreenPlasma and YellowKey.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
