{"id":1355,"date":"2026-06-17T20:04:57","date_gmt":"2026-06-17T20:04:57","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1355"},"modified":"2026-06-17T20:04:57","modified_gmt":"2026-06-17T20:04:57","slug":"microsoft-confirms-rogueplanet-defender-zero-day-says-patch-is-in-development","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1355","title":{"rendered":"Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Jun 17, 2026<\/span><\/span><span class=\"p-tags\">Endpoint Security \/ Vulnerability<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgy3ayOlDb3vsL747G9hStxxjTd3N5i2u8hegcT_hTs4RlNqylS_HyYH4mGLQEavD-QwH3G4l-p2tE5xrXoeK-Btj5YjbENpZcnqRZ7mXCjnJgqHKaoqyE3I3yqy3tYxafbDGNOMrDsvTnJ8UKkn7DDQ8PY_sQNZI6TsNTV0lOmSqs1uxUKm3pgpmkSDpeZ\/s1700-e365\/ms-patch.jpg\" style=\"clear: left; display: block; float: left;  text-align: center;\"><\/a><\/div>\n<p>Microsoft has formally disclosed that it&#8217;s working to release a patch to address a Defender zero-day codenamed RoguePlanet.<\/p>\n<p>The vulnerability has now been assigned the CVE identifier <b><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-50656\">CVE-2026-50656<\/a><\/b> (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.<\/p>\n<p>\u00abMicrosoft is aware of an elevation of privilege in the Microsoft Malware Protection Engine in Microsoft Defender, publicly referred to as &#8216;RoguePlanet,'\u00bb the company said. \u00abWe are working to provide a high-quality security update that addresses this vulnerability.\u00bb\u00a0<\/p>\n<p>The development comes nearly a week after a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse) released RoguePlanet, calling the exploit a case of a race condition that grants attackers a shell with SYSTEM-level privileges.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/ai-cant-stop-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ\/s728-e100\/ThreatLocker-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>\u00abThe exploit is a race condition, so it&#8217;s a hit or miss,\u00bb the researcher noted. \u00abI have managed to get a 100% success rate on some machines while it struggled to work on others.\u00bb<\/p>\n<p>In an update shared Tuesday, the researcher <a href=\"https:\/\/blog.projectnightcrawler.dev\/posts\/2026-06-16-rogueplanet-another-quick-statement\/\">added<\/a>: \u00abI forgot to add one thing, surprisingly, the PoC for RoguePlanet works regardless if real-time protection is on or not, which is hilarious. I think it even works in the case of passive mode, but not really sure, haven&#8217;t tested that.\u00bb<\/p>\n<p>Microsoft told The Hacker News last week that it&#8217;s aware of the reported vulnerability and that it&#8217;s \u00abactively investigating the validity and potential applicability of these claims.\u00bb<\/p>\n<p>RoguePlanet is the fourth Defender vulnerability disclosed by Chaotic Eclipse after BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091), all of which have since been patched by Microsoft.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Jun 17, 2026Endpoint Security \/ Vulnerability Microsoft has formally disclosed that it&#8217;s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability has now been&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1356,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[63,1246,1754,147,348,1987,126],"class_list":["post-1355","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-confirms","tag-defender","tag-development","tag-microsoft","tag-patch","tag-rogueplanet","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1355","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1355"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1355\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1356"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1355"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1355"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1355"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}