Security
Microsoft patches RoguePlanet Defender privilege-escalation zero-day
- Category: Security
- Status: confirmed
- Sources: MSRC advisory, Help Net Security
- Summary: Microsoft shipped a fix for RoguePlanet, CVE-2026-50656, a privilege-escalation flaw in the Microsoft Malware Protection Engine that powers Windows Defender. It is a race condition that lets a local attacker spawn a command shell running as SYSTEM on fully updated Windows 10 and Windows 11, and the public proof of concept works whether real-time protection is on or off. It is rated CVSS 7.8. A researcher using the handle Chaotic Eclipse published the exploit around the June 2026 Patch Tuesday amid a dispute with Microsoft over its bug-bounty and disclosure practices. The fix ships in Malware Protection Engine 1.1.26060.3008, which Defender applies through its automatic engine-update channel. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog as of this run.
- Why it matters: Defender runs at high privilege on nearly all Windows endpoints, so a race in its scanning engine that yields SYSTEM is broadly reachable, and the engine auto-update path is the main mitigation.
- Follow-up: Watch for confirmation the engine update reached managed fleets, any KEV listing, and further exploit variants.