Overview
- Microsoft released a Microsoft Malware Protection Engine update on Wednesday that delivers version 1.1.26060.3008 to remediate CVE-2026-50656, the vulnerability called RoguePlanet.
- RoguePlanet is a race‑condition local elevation‑of‑privilege in mpengine.dll that a proof‑of‑concept showed can let an attacker escalate from a standard user to NT AUTHORITY\SYSTEM on Windows 10 and Windows 11.
- A pseudonymous researcher known as Nightmare Eclipse published the public PoC in June after a disputed disclosure process with Microsoft, and Microsoft did not publicly credit that researcher in its advisory.
- After the patch was rolled out the researcher reported possible post‑patch behavior that may cause large Defender file writes and disk exhaustion; those claims are developing and need vendor or community validation.
- Microsoft says no action is required for default Defender configurations because the engine update installs automatically, but administrators should verify the engine version is 1.1.26060.3008 or higher and monitor endpoint storage and quarantines.