Overview
- Microsoft confirmed Wednesday that the Defender flaw has been tracked as CVE-2026-50656 and said it is working to provide a high-quality security update.
- RoguePlanet is a race-condition bug in the Microsoft Malware Protection Engine that can allow a local attacker to escalate privileges to SYSTEM on fully patched Windows 10 and Windows 11 devices.
- The proof-of-concept posted by researcher Nightmare Eclipse is publicly available and the author says it can work even with Defender real-time protection enabled, though success is hit-or-miss because exploitation depends on winning a race.
- Microsoft has not observed exploitation in the wild but rated the flaw “Exploitation More Likely” and assigned the defect a CVSS score of 7.8.
- The disclosure follows several recent public releases of Microsoft zero-days by the same researcher, a pattern that shortens defenders’ patch window, increases reliance on interim mitigations and detection rules, and keeps pressure on Microsoft’s disclosure process.