
Microsoft Working To Patch 'RoguePlanet' Zero-Day (securityweek.com)

wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds.

RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

  • Unfortunately, the CRA only goes active end of 2027.

    • Microsoft and others can focus on reducing software complexity, reducing the mess of what's installed, reducing the number of binaries, DLLs, interprocess communication links and footprint of their software.

      Predict - Microsoft follows Apple and re-hosts Windows on top of Linux.

      • by gweihir ( 88907 )

        That would be the sane thing to do. I doubt Microsoft is aware how bad their problem has become though, because their profits are excellent. And hence I think they will continue the enshittification until things cannot be repaired anymore. That point may already lie in the past.

  • In Other Words (Score:5, Insightful)

    by jrnvk ( 4197967 ) on Wednesday June 17, 2026 @07:32PM (#66197762)

    "the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode"... so in other words, the application that was supposed to protect organizations actually became the attack vector. Awesome!

    • by gweihir ( 88907 )

      Incompetence at its finest!

    • the application that was supposed to protect organizations actually became the attack vector.

      That is how anti-virus works.

      It is a root kit with remote C&C that you expect to read all of your data.

      • the application that was supposed to protect organizations actually became the attack vector.

        That is how anti-virus works.

        It is a root kit with remote C&C that you expect to read all of your data.

        How much of anti-virus was attacked with remotely controlled C&C features 20+ years ago?

        Perhaps unnecessary complexity is the real infection here.

        • Machines are generally more secure today than 20 years ago.

          Software firewalls were a big thing back then, and offered a convenient remote attack vector:
          All ports open, just to report if someone pings your box. Running with administrator rights, of course.

          Nowadays the common way is either to privilege escalate from JavaScript, or to go through Bluetooth.

          Virulently infecting the anti-virus gives you a free rootkit, and nobody is surprised if that roots through their box.

          The C&C aspect just helps mask any

    • by Slayer ( 6656 )

      Anyone remember the Witty worm [wikipedia.org]? This was over 20 years ago, and so-called "security" vendors still haven't learned a thing. Given the underlying security of Microsoft products, any software trying to defend this quagmire is bound to be so complex that it will be more risk than benefit at some point.

  • Are they going to keep trying to take down his repositories too?

  • Is there such a thing as a low quality security update?

    • Is there such a thing as a low quality security update?

      Unfortunately yes, as some security update fixes turn out to not actually fix the entire set of issues that the vulnerability took advantage of (it might have fixed one avenue, but not all alternative avenues).

    • In Microsoft's case, yes, definitely.

      Updates that don't fix the vulnerability, updates that create brand new vulnerabilities, updates that brick your hard drive, updates that wipe your data, we've seen them all.

      • In Microsoft's case, yes, definitely.

        While it is fashionable to pick on Microsoft (and they do deserve some shame), the Linux Kernel had many failures to fix the various copy-fail/dirty-fail variant vulnerabilities (a new fix once a day for a period of time) just a couple of weeks ago. No OS is immune from fixes that are not complete.

    • Yes, that's why they have to specify.

      "Microsoft sucks" isn't just something you read in Slashdot comments anymore. This last year or two, the meme has gone fully mainstream. Starting with the Clownstrike thing (blamed on Microsoft, rightly or wrongly) and accelerating with the Windows 11 shitshow and the contemporary Copilot / cloud services force-feeding.

      Their patches have gotten so bad in the vibe-coding era that even Susan From Accounting is starting to notice. She's afraid to update anything now. I don'

      • I think most people assign most of the blame for the clownstroke problem to them, and only a portion to Microsoft. They claimed they weren't using eBPF on Windows like they do on Linux because it's not sufficiently mature on Windows. So far I haven't heard from anyone who really knows whether that's true.

        On the other hand, Microsoft has always been terrible. Updating windows has always been hazardous. Even in good times it would often scramble itself and stop updating until you did some magic bullshit, usua

      • by Slayer ( 6656 )

        Starting with the Clownstrike thing (blamed on Microsoft, rightly or wrongly) and accelerating with the Windows 11 shitshow and the contemporary Copilot / cloud services force-feeding.

        When people blame Microsoft, they typically mean their Microsoft-loving corporate IT. The same folks who bought Crowdstrike products also think that Windows is the only viable operating system in a corporate outfit. Since I am sure that Microsoft's sales reps do anything in their power to support this view, they do share some of the blame.

  • I'm just not impressed yet. Out of all this "AI bug apocalypse" story, we've got one RCE in some FreeBSD NFSd bug (i.e., not enabled by default and very unlikely to be exposed to the internet) that the "AI Gods" have rained down fire on us with. I mean.... is that it? C'mon man, Anthropic said they'd found THOUSANDS in operating systems not just boring web applications or databases and they had the crypto signatures to prove it later (yet they only shared a few dozen of those, hmmkay). Sure, sure, patch the

    • by Slayer ( 6656 )

      Bullshit flag thrown. My homeboy Chaotic Nightmare Relapse or whatever has my vote for the bigger bad ass, lol.

      And I am sure you never asked yourself: how did Nightmare Eclipse find all these bugs so quickly? And why now? Right?

      • How did Solar Designer find bugs? Believe it or not, folks were perfectly capable of finding exploitable bugs without AI before, too.

  • by Canberra1 ( 3475749 ) on Wednesday June 17, 2026 @10:49PM (#66197946)

    So far MS has offered no excuses for the regression of multiple high severity fixes. This guy is reinforcing honesty and accountability. Some think MS can afford code reviews, duty programmers and people who can read dumps and backtrack. No lazy 'just the minimum'. In my day the author of the defective code had other code reviewed and fixed. Sounds like this is not being done either. Fear not, AI will soon learn and target the commit tree by the weakest coder, by date of inexperience.

    • Also MS has a sneaky habit of reusing fix numbers, and sneaking in fixes willy-nilly, so the number of patches does not look that bad. The justification is to make it harder for hackers to see what was fixed. Unfortunately on the darkweb, that is already done. Most lawful security experts do not have the time to troll forums down the rabbit hole at their employer's expense (or arbitrary budget).

  • Patch Tuesday has always been a headache.
    Oh Shit Wednesday is really no fun.
    Want hotpatching? Only if you tithe, well 15% this year.

  • that's a fucking joke, right?
