Overview
- Microsoft assigned the flaw CVE-2026-50656 and said on June 17 that it is investigating the report and working to deliver a high-quality security update for the affected Malware Protection Engine.
- The proof-of-concept published by researcher Nightmare Eclipse abuses a race condition in Microsoft Defender to spawn a command shell running with SYSTEM privileges on Windows 10 and Windows 11.
- The researcher says the exploit can work regardless of Defender’s real-time protection setting but is hit or miss because it depends on winning a race; small changes to the exploit code can evade signature-based blocks.
- Microsoft reported no observed in-the-wild exploitation but rated the bug 'Exploitation More Likely' on its exploitability index, signaling increased urgency for a patch and mitigations.
- The release follows months of public PoCs from the same researcher and recent June Patch Tuesday fixes for other Windows flaws. It heightens tensions over disclosure practices and strains defenders, who must test and harden systems before a patch arrives.