Blog Details

Per week within the past, the safety researcher who goes by “Nightmare Eclipse” printed details about RoguePlanet, a zero-day security vulnerability in Microsoft’s Defender security program. The vulnerability, officially designated CVE-2026-50656, can even be exploited by hackers to procure complete earn entry to to your computer.

The vulnerability exists in fully patched Home windows 10 and Home windows 11 gadgets and enables attackers to generate relate prompts with plot privileges by process of a scuttle situation in Microsoft Defender. The security knowledgeable printed a proof-of-notion exploit in a self-hosted Git repository and claimed that Microsoft had previously centered and eradicated its exploit-cyber web cyber web hosting repositories on GitHub and GitLab.

The security knowledgeable writes: “The exploit is a scuttle situation, so it’s profitable or omit. I even accumulate managed to earn a 100% success price on some machines whereas it struggled to work on others.”

In a statement to BleepingComputer, a Microsoft spokesperson outlined that the firm is engaged on rising a security patch for RoguePlanet, that could well perchance also confidently be launched to the general public quickly:

Microsoft is responsive to an elevation of privilege within the Microsoft Malware Security Engine in Microsoft Defender publicly most regularly known as ‘RoguePlanet.’

We’re working to produce a high quality security update that addresses this vulnerability. We are going to be in a position to present recordsdata on this CVE when the update is on the market.

Only within the near past, the identical security researcher has printed details just a few entire differ of security vulnerabilities in Home windows and its linked plot, at the side of BlueHammer, RedSun, MiniPlasma, and YellowKey.