Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)


Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)

Pierluigi Paganini
July 09, 2026

Microsoft fixed RoguePlanet (CVE-2026-50656), a Defender flaw allowing local attackers to gain higher privileges through the Malware Protection Engine.

Microsoft released security updates for RoguePlanet, a vulnerability tracked as CVE-2026-50656 (CVSS score of 7.8) affecting the Malware Protection Engine used by Defender. The Microsoft Malware Protection Engine (mpengine.dll) powers Defender’s malware scanning, detection, and removal functions.

The flaw is a local privilege escalation issue that could allow an attacker with access to a system to obtain higher privileges and potentially compromise security controls.

In mid-June, Microsoft acknowledged the RoguePlanet zero-day affecting Microsoft Defender and stated it is aware of the issue and was actively developing a security update to address the flaw and protect affected systems.

A week before, the security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, published a new proof-of-concept exploit for a RoguePlanet Microsoft Defender zero-day.

The flaw relies on a race condition that can provide attackers with SYSTEM-level privileges, allowing them to execute code with the highest permissions. The exploit was successfully tested on fully updated Windows 10 and Windows 11 systems running the June 2026 Patch Tuesday updates, showing that patched systems may still be vulnerable.

“Yes the rumors were true, a zero day vulnerability will be dropped this month as well

https://github.com/MSNightmare/RoguePlane” wrote the researcher. “As mentioned in the repo, it’s a race condition, I managed to stabilize it as much as I can but writing this PoC geniunely drained my soul.”

The researcher said he spent weeks working almost continuously to develop a working RoguePlanet exploit after Microsoft updates initially broke the prototype. Despite Microsoft’s efforts to strengthen Defender against path redirection attacks, he claimed to have restored the PoC by the end of May. The researcher also alleged that Microsoft Defender remains vulnerable and claimed to have discovered additional memory corruption flaws and other security issues affecting multiple components.

The RoguePlanet exploit currently does not work on Windows Server because standard users cannot mount ISO images, although the researcher claims the underlying vulnerability still affects server installations and only requires a different exploitation method.

“The race condition part is a bit interesting, I believe (but not sure) that a redesign of the PoC can make it achieve a 100% success rate regardless of the conditions but honestly I’m done with this bug. If the exploit succeeds, a SYSTEM shell will be spawned” continues the researcher.

In an update published by the researcher, he claimed the RoguePlanet PoC worked even with Microsoft Defender real-time protection disabled or enabled, and likely in passive mode too.

“I forgot to add one thing, surprisingly, the PoC for RoguePlanet works regardless if real-time protection is on or not, which is hilarious. I think it even works in the case of passive mode, but not really sure, haven’t tested that.” wrote the expert.

The issue was fixed in Microsoft Malware Protection Engine version 1.1.26060.3008, which also includes additional security hardening updates.

“For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.” reads the advisory. “Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.”

RoguePlanet is the fourth Defender flaw reported by the researcher, following BlueHammer, UnDefend, and RedSun, all already fixed by Microsoft.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)







Source link

Leave a Reply

Subscribe to Our Newsletter

Get our latest articles delivered straight to your inbox. No spam, we promise.

Recent Reviews


AirPods Pro 3

Jada Jones/ZDNET

This year’s WWDC is packed with announcements, including customization to the Liquid Glass display, substantial upgrades to Siri, and more intuitive device functionality.

Also: Apple WWDC 2026: Live updates on iOS 27, Siri, and Tim Cook’s last event as CEO

If you’re an avid AirPods user, there’s one announcement that may excite you, but speakers breezed past it, offering hardly any details. Still, Apple promised a real equalizer in iOS 27, finally giving users the opportunity to customize the sound of their AirPods. 

Apple didn’t say much about the equalizer, but a brief animation showed a graphic EQ, with options to create a custom EQ profile or choose Apple’s recommended EQ settings. Users can adjust lows, mids, and highs, though it’s unclear how precise the equalizer will be.

AirPods EQ WWDC

Apple

Previously, Apple had full faith in its headphones’ sound profile, vowing that its sound engineers crafted AirPods to sound as best as possible. Still, users prefer some control over their devices, and a custom EQ is a welcome addition.

Also: The feature Apple needs to make HomePod stand out isn’t audio-related

AirPods users could only change their AirPods sound profiles in Apple Music settings, and this customization feature still limited them to preset EQ profiles. 

An equalizer is a staple feature for consumer headphones, and even the most limited equalizers are better than none. Bose’s equalizer, for example, allows users to toggle bass, mids, and treble on a 20-point scale. 

Other companies, like JBL, offer a detailed equalizer with 10 frequency bands, adjustable in Hz. I don’t expect Apple’s equalizer to be as thorough as JBL’s, but instead to be on par with Bose’s. Either way, even if you’re content with your AirPods’ sound profile, the option to change it is what matters. 





Source link