CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 10, 2026

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

The Hacker News Archived Jun 10, 2026 ✓ Full text saved

The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account, "MSNightmare" said. "I have managed to get a 100% success rate on

Full text archived locally
✦ AI Summary · Claude Sonnet


    Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows Ravie LakshmananJun 10, 2026Zero-Day / Vulnerability The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account, "MSNightmare" said. "I have managed to get a 100% success rate on some machines while it struggled to work on others." Should the exploit succeed, the result is a shell with SYSTEM-level privileges, granting the attacker the ability to run arbitrary code or perform unauthorized actions. The researcher said the exploit has been tested on Windows 11 and 10 machines with the June 2026 Patch Tuesday updates installed, meaning the exploit works on the up-to-date versions of the desktop operating system. That said, the exploit does not work on Windows Server instances in its current form since "standard users cannot mount an ISO image." Chaotic Eclipse emphasized that Windows Server installations are also vulnerable to the flaw and that the exploit needs to be redesigned for it to work. "Getting this PoC to work genuinely drained my soul, it severely degraded my mental and physical health but in the end of May [sic], a full PoC was developed," the researcher said. "Microsoft's efforts to protect Defender from path redirection attacks are useless, I have a batch of memory corruption vulnerabilities in defender as well and not to mention the other batch of vulnerabilities I have in several other components." Video Credit: ThreatLocker Security researcher Will Dormann, in a post shared on Mastodon, said "it's reportedly not 100% reliable, but it worked on the first attempt for me." RoguePlanet is the latest in a series of flaws uncovered by Chaotic Eclipse in recent months - BlueHammer (CVE-2026-33825) UnDefend (CVE-2026-45498) RedSun (CVE-2026-41091) These uncoordinated disclosures are part of what's assessed to be a retaliatory effort following an alleged breakdown in communication between the researcher, who has not publicly identified themselves, and Microsoft. In cryptographically signed posts on their Blogger page, Chaotic Eclipse expressed dissatisfaction with the way Microsoft handled the disclosure process and called out the company for revoking access to their Microsoft Security Response Center (MSRC) account, where researchers can report vulnerabilities. The researcher has also accused Redmond of humiliating them, dismissing their reports, failing to compensate them for the identified vulnerabilities, and defaming them. Late last month, Microsoft condemned the public vulnerability disclosures, stating they are "never justifiable" and put customers at "unnecessary risk." It's worth noting that all three aforementioned Defender vulnerabilities have since been exploited in the wild. The public feud has also resulted in the takedown of their GitHub and GitLab accounts. "Microsoft is attempting to misuse its ownership of GitHub to protect only its own products, and misuse its extensive links to law enforcement by branding publishing information about vulnerabilities in its own products as criminal behaviour," security researcher Kevin Beaumont said. "To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research," Microsoft said in an X post. "When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate." "We are committed to approaching every interaction with transparency, clear communication, and professionalism. We continue to believe strongly in Coordinated Vulnerability Disclosure as the foundation for protecting customers and improving our products." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  GitHub, Microsoft Defender, MSRC, patch Tuesday, privilege escalation, Proof-of-Concept, Race Condition, Vulnerability, Windows, Zero-Day ⚡ Top Stories This Week ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors + 20 New Stories New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy and Cloudflare Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479) Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag Load More ▼ ⭐ Featured Resources [Guide] Transform Network Operations with Intelligent Workflows See How Agentic AI Cuts Your SOC Triage Time in Half [Get a Demo] Catch 88% of Malware Threats in Under 60 Seconds with Live Sandbox Analysis Get the 2026 Guide to Govern and Secure Enterprise AI Agents at Scale
    💬 Team Notes
    Article Info
    Source
    The Hacker News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 10, 2026
    Archived
    Jun 10, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗