- Microsoft confirms RoguePlanet as CVE-2026-50656, an elevation-of-privilege flaw in Defender’s Malware Protection Engine
- Revealed by Chaotic Eclipse as race-based zero-day that grants SYSTEM privileges on fully patched Windows 10/11
- Seventh exploit in their campaign; PoC validated by ThreatLocker, with Microsoft promising a fix despite ongoing feud
Microsoft has assigned a unique identifier for the newly disclosed RoguePlanet vulnerability and confirmed that it is now working on a fix.
“Microsoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as ‘RoguePlanet,'” the company said in a recently published security advisory.
“We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available.”
Chaotic Eclipse’s grudge
A security researcher with the alias Chaotic Eclipse recently disclosed a zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its June Patch Tuesday cumulative update.
Chaotic Eclipse is waging a personal crusade against Microsoft, which it accuses of being disrespectful and poorly handling vulnerability disclosures. RoguePlanet is the seventh zero-day exploit they revealed in a matter of months. This flaw, described as a “race mode vulnerability,” allows attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
Before that they also released BlueHammer, RedSun, GreenPlasma, MiniPlasma, YellowKey and UnDefend bugs. Some of them affect Microsoft Defender, and some BitLocker and other Windows components.
They released a Proof-of-Concept (PoC) exploit in a self-hosted Git, after saying that both GitHub and GitLab repositories hosting previous work were removed by Microsoft.
“The exploit is a race condition so it’s hit or miss. I’ve managed to get a 100% success rate on some machines while it struggled to work on others,” they explained. Security researchers ThreatLocker confirmed to the publication that the flaw works and even recorded a video to demonstrate how it works.
Microsoft is now tracking RoguePlanet as CVE-2026-50656. Previously, it said it was considering legal action when people engage in “malicious activity that causes real harm to our customers”. Chaotic Eclipse seems unfazed by these warnings, which some interpreted as threats.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
