wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds. RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said. Read more of this story at Slashdot.
Microsoft Working To Patch 'RoguePlanet' Zero-Day (securityweek.com) 3 wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds. RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said. RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said. This would be a nice CRA case (Score:2) Unfortunately, the CRA only goes active end of 2027. In Other Words (Score:2) "the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode"... so in other words, the application that was supposed to protect organizations actually became the attack vector. Awesome! more takedowns in the shadows too (Score:2) Are they going to keep trying to takedown his repositories too?
Comments
No comments yet. Start the discussion.