Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw

Vulnerability
First reported
Last updated
Happening score
H score 35
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft Defender zero-day RoguePlanet affects fully patched Windows 10 and Windows 11 systems and can spawn a SYSTEM command prompt. The flaw is a race condition that enables local privilege escalation on patched devices. A public proof-of-concept was posted shortly after June 2026 Patch Tuesday, and ThreatLocker said it reproduced the exploit on fully patched Windows 11 with KB5094126. The researcher says the issue was originally built toward remote code execution over SMB-hosted files, but the current release is framed mainly as LPE.

Related Happenings

Windows Collaborative Translation Framework CTFMON improper link resolution EoP security flaw (CVE-2026-45586)

Vulnerability
H score20 First: 09.06.2026 20:57 Last: 09.06.2026 20:57 Sources 1

About this happening: **Windows Collaborative Translation Framework (CTFMON)** has a **local privilege-escalation vulnerability**, **CVE-2026-45586**, that Microsoft patched in **June 2026**. An author...

Open Happening

Microsoft SharePoint remote code execution (CVE-2026-45659)

Vulnerability
H score17 First: 26.05.2026 14:49 Last: 26.05.2026 14:49 Sources 1

About this happening: **Microsoft SharePoint** **CVE-2026-45659** is a **remote code execution** vulnerability that lets an **authenticated attacker** with **Site Member** permissions run code over the...

Open Happening

Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)

Vulnerability
H score39 First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...

Open Happening

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
H score52 First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Open Happening

Windows cldflt.sys privilege escalation (CVE-2020-17103)

Vulnerability
H score28 First: 18.05.2026 01:30 Last: 18.05.2026 01:30 Sources 1

About this happening: A public **MiniPlasma** proof-of-concept has renewed concern around the **Windows cldflt.sys Cloud Filter driver** because it can elevate a **standard user** to **SYSTEM** on **fu...

Open Happening

Timeline

  1. 10.06.2026 02:11 2 articles · 3h ago

    Nightmare Eclipse releases RoguePlanet Microsoft Defender exploit

    Initial Disclosure

    Nightmare Eclipse releases the RoguePlanet proof-of-concept as a Microsoft Defender race-condition exploit that can spawn a command prompt with SYSTEM privileges on fully patched Windows 10 and Windows 11 systems.

    Show sources
    Open in new tab
  2. 10.06.2026 02:11 1 articles · 3h ago

    ThreatLocker reproduces RoguePlanet on fully patched Windows 11

    Technical Analysis Update

    ThreatLocker reproduces RoguePlanet against fully patched Windows 11 systems with KB5094126 installed and says application allowlisting can prevent the exploit from executing.

    Show sources
    Open in new tab