Microsoft Malware Protection Engine race-condition elevation-of-privilege remote code execution flaw (CVE-2026-50656)
Vulnerability
Summary
Hide ▲
Show ▼
A Microsoft Defender zero-day tracked as CVE-2026-50656 can elevate privileges to SYSTEM on fully patched Windows 10 and Windows 11 devices. Microsoft says it is working on a security update, leaving the flaw temporarily unpatched. The bug is publicly known as RoguePlanet and affects the Microsoft Malware Protection Engine.
Related Happenings
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
Vulnerability
H score39
First: 10.06.2026 02:11
Last: 10.06.2026 02:11
Sources 1
About this happening:
Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Microsoft Defender RoguePlanet race-condition zero-day remote code execution flaw
VulnerabilityAbout this happening: Microsoft Defender zero-day RoguePlanet is a race-condition flaw affecting fully patched Windows 10 and Windows 11 systems. A public proof-of-concept exploit was released shortly...
Latest development: 10.06.2026 08:22
The anonymous security researcher Chaotic Eclipse, also known as Nightmare-Eclipse, released a proof-of-concept (PoC) exploit for the Microsoft Defender zero-day RoguePlanet under a new GitHub account named MSNightmare. The race-condition exploit can yield a SYSTEM-level shell and arbitrary code execution when it succeeds, has been tested on Windows 11 and Windows 10 with the June 2026 Patch Tuesday updates installed, and currently does not work on Windows Server without redesign because standard users cannot mount an ISO image.
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector ActionAbout this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
Timeline
-
17.06.2026 11:32 2 articles · 1h ago
Microsoft prepares a security update for RoguePlanet in Defender
Mitigation Patch UpdateMicrosoft said it is working to provide a high-quality security update for RoguePlanet, an elevation-of-privilege flaw now tracked as CVE-2026-50656 in the Microsoft Malware Protection Engine in Microsoft Defender. The researcher known as Nightmare Eclipse said the race-condition exploit can spawn SYSTEM command prompts on fully patched Windows 10 and Windows 11 devices, shared proof-of-concept code in a self-hosted repository, and said the PoC works even when real time protection is enabled.
Show sources
- Microsoft working on Defender patch for RoguePlanet zero-day — www.bleepingcomputer.com — 17.06.2026 11:32
- Microsoft working on Defender patch for RoguePlanet zero-day — www.bleepingcomputer.com — 17.06.2026 11:32