- Microsoft patched a Defender privilege escalation flaw called RoguePlanet, tracked as CVE-2026-50656, nearly a month after public disclosure.
- The vulnerability, rated 7.8 on the CVSS scale, affects the Microsoft Malware Protection Engine and allows SYSTEM-level code execution via a race condition.
- Researcher Chaotic Eclipse disclosed RoguePlanet, which works on fully updated Windows systems regardless of real-time protection status.
Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public. The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine.
The issue has been remediated in engine version 1.1.26060.3008, along with defense-in-depth updates. RoguePlanet was first disclosed by a security researcher named Chaotic Eclipse, describing it as a race condition that could be abused to spawn a shell with SYSTEM-level privileges.
The exploit has been found to work on systems running up-to-date versions of Windows with the June 2026 Patch Tuesday updates installed. Subsequent research revealed that the exploit works regardless of whether real-time protection is on or not.
RoguePlanet is the fourth Defender vulnerability disclosed by the researcher after BlueHammer, UnDefend, and RedSun, all of which have since been patched by Microsoft. The Windows maker said no customer action is required to install the update, as the software is frequently updated automatically.
“Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily,” Microsoft stated. Customers can also choose to manually check for updates at any time.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
