- Chaotic Eclipse drops seventh Windows zero-day, “RoguePlanet”, hours after Patch Tuesday
- Race-condition exploit grants SYSTEM privileges; PoC confirmed viable by ThreatLocker
- Scientist continues public disclosures amid feud with Microsoft, following BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma
Chaotic Eclipse, the mysterious security researcher with a Microsoft eye, revealed another zero-day vulnerability in a fully patched Windows 11 device, just hours after Microsoft released its latest record June Patch Tuesday cumulative update.
This is the seventh zero-day exploit Chaotic Eclipse has revealed in a matter of months. Dubbed “RoguePlanet”, this bug is described as a “race mode vulnerability” that gives attackers SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
The researcher published a Proof-of-Concept (PoC) exploit earlier this week in a self-hosted Git, after saying that both GitHub and GitLab repositories hosting previous work were removed by Microsoft.
Performs as described
“The exploit is a race condition so it’s hit or miss. I’ve managed to get a 100% success rate on some machines while it struggled to work on others,” they explained.
Security researchers ThreatLocker confirmed to the publication that the flaw works and even recorded a video to demonstrate how it works.
“Our initial analysis confirms that the RoguePlanet exploit is viable and working as described. Organizations using application whitelisting can prevent the exploit from executing, providing an effective layer of protection against this attack,” said Danny Jenkins, CEO of ThreatLocker. Bleeping Computer.
In early April 2026, Chaotic Eclipse disclosed finding BlueHammer, an escalation of privilege vulnerability in Windows Defender. At the time, they said they leaked it because they were unhappy with how Microsoft handled disclosures of vulnerabilities.
“They mopped the floor with me and pulled all the childish games they could. It was so bad at one point I wondered if I was dealing with a large corporation or someone just having fun watching me suffer, but it seems to be a collective decision,” they later elaborated.
Meanwhile, six more bugs were revealed: RedSun, UnDefend, YellowKey, GreenPlasma and MiniPlasma – with Microsoft releasing this month’s Patch Tuesday cumulative update that fixes two of the bugs: GreenPlasma and YellowKey.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
