Nightmare Eclipse Drops Yet Another MSFT Exploit, RoguePlanet

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.

June 10, 2026

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the last three months has dropped yet another proof-of-concept (PoC) exploit for a purported zero-day flaw.

For the second month in a row, that researcher — who goes by the online name "Nightmare-Eclipse" — released a zero-day exploit called RoguePlanet right after Microsoft released its raft of Patch Tuesday updates yesterday, which contained a record 206 CVEs. Some of those updates addressed previous several zero-day exploits published by Nightmare-Eclipse.

The latest zero-day is once again for Windows Defender, the Microsoft security service that was also impacted by other exploits released by Nightmare-Eclipse. The vulnerability this time is exploited by "a race condition, so it's a hit or miss," the researcher wrote in GitHub notes for the RoguePlanet release. If successful, the exploit spawns a command shell running under SYSTEM-level privileges, which would give an attacker complete access to a compromised Windows machine.