RoguePlanet Zero-Day Exploit Targets Microsoft Defender, Grants SYSTEM Access on Patched Windows Systems
Hard crust, hollow middle. Skim only.
Summary
A proof-of-concept exploit called RoguePlanet targets a race-condition zero-day vulnerability in Microsoft Defender, granting SYSTEM-level access on fully updated Windows 10 and Windows 11 systems (June 2026 Patch Tuesday). The exploit has inconsistent success rates and currently fails on Windows Server due to ISO mounting restrictions. The researcher also noted additional Defender memory corruption and component vulnerabilities. Prior related flaws include BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091).
Key quotes
The PoC for Defender zero-day RoguePlanet is a race-condition exploit with inconsistent success across machines.
Successful exploitation provides a shell running with SYSTEM-level privileges, enabling arbitrary code execution or unauthorized actions.
The exploit currently fails on Windows Server because standard users cannot mount an ISO image, requiring redesign for Server compatibility.
The researcher also cited additional Defender memory corruption vulnerabilities and other component vulnerabilities.