A new zero-day vulnerability in Microsoft Defender, 'RoguePlanet,' can still be exploited even after all Windows Update patches from June 10, 2026, have been applied.
Just hours after Microsoft fixed two known vulnerabilities in the June 2026 Windows Update, a new zero-day vulnerability in Microsoft Defender, dubbed 'RoguePlanet,' was disclosed.
Nightmare Eclipse: RoguePlanet, a quick history
Nightmare Eclipse: It's patch Tuesday!!!
https://deadeclipse666.blogspot.com/2026/06/its-patch-tuesday.html
Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/
RoguePlanet was developed and released by a security researcher who goes by the name Nightmare Eclipse. RoguePlanet is a vulnerability developed to allow remote code execution. When a user opens a file hosted on a remote SMB server, Microsoft Defender overwrites its own file, enabling remote code execution.
According to Nightmare Eclipse, this vulnerability exploits a race condition, so success or failure depends on luck. He reported, 'We were able to achieve a 100% success rate on some machines, but it didn't work well on others.'
Cybersecurity firm ThreatLocker has reported successfully reproducing the vulnerability in its own tests. It is also reported that this vulnerability will persist even after the Windows Update released on June 10, 2026.
Today is the monthly 'Windows Update' day, fixing 3 zero-day vulnerabilities and 200 other vulnerabilities - GIGAZINE
Nightmare Eclipse has previously disclosed four vulnerabilities: BlueHammer, RedSun, GreenPlasma, and YellowKey. Nightmare Eclipse appears to have a feud with Microsoft, and most of these vulnerabilities were intentionally released immediately after Windows Updates.
Security researcher who posted about a zero-day vulnerability in Windows claims he was 'banned from GitHub in retaliation from Microsoft' - GIGAZINE
NightmareEclipse has expressed dissatisfaction with Microsoft's bug bounty program, claiming that 'Microsoft doesn't respond to inquiries' and that 'the Microsoft account he used to report vulnerabilities was deleted.' His GitHub account has also been frozen several times, and although he created a new account for the release of RoguePlanet, he says he is 'almost certain that Microsoft will file a complaint and eventually ban it.'
GitHub - MSNightmare/RoguePlanet: RoguePlanet Windows Defender Vulnerability · GitHub
https://github.com/MSNightmare/RoguePlanet
Related Posts:
