security

Weeks after the exploit code dropped, Redmond has finally ships a fix for the Defender zero-day

Microsoft has quietly fixed the “RoguePlanet” zero-day in Microsoft Defender, closing the latest hole exposed by security researcher Nightmare Eclipse after months of public sparring over the company's handling of vulnerability reports.The vulnerability, tracked as CVE-2026-50656, was addressed through an update to the Microsoft Malware Protection Engine rather than via its monthly Patch Tuesday bundle. Microsoft said customers should ensure they're running the latest engine version to receive the fix.The flaw first surfaced in June when Nightmare Eclipse published both technical details and proof-of-concept exploit code, claiming RoguePlanet worked against fully patched Windows 10 and Windows 11 systems. According to the researcher, the bug exploits a race condition in Microsoft Defender to spawn a command prompt with SYSTEM privileges, granting an attacker complete control of the local machine if the timing is right.

"The exploit is a race condition, so it's a hit or miss," Nightmare Eclipse wrote at the time. "I have managed to get a 100 percent success rate on some machines while it struggled to work on others."