Microsoft Defender Zero-Day Grants SYSTEM Access
New RoguePlanet zero-day in Microsoft Defender can grant SYSTEM privileges on fully patched Windows 10 and 11 systems.
An anonymous security researcher known as Chaotic Eclipse, also referred to as Nightmare-Eclipse, has publicly released a proof-of-concept (PoC) exploit for a newly disclosed Microsoft Defender zero-day vulnerability dubbed RoguePlanet.
According to the researcher, the flaw can be exploited to obtain SYSTEM-level privileges on Windows 10 and Windows 11 devices, allowing attackers to execute arbitrary code and perform highly privileged actions on affected systems.
Chaotic Eclipse said the vulnerability was tested against Windows 10 and Windows 11 systems running Microsoft’s June 2026 Patch Tuesday updates, indicating that fully patched machines remain vulnerable.
The exploit relies on a race condition and is described as inconsistent, with success rates varying between systems. However, when successful, it provides a command shell running with SYSTEM privileges.
Security researcher Will Dormann independently tested the exploit and reported that it worked on his first attempt, despite claims that reliability is not guaranteed.
While the current proof-of-concept does not function against Windows Server installations, the researcher stated that the underlying vulnerability still affects those systems. The exploit reportedly fails there because standard users cannot mount ISO images on Windows Server by default, so a different attack method would be required.
RoguePlanet is the latest in a series of Microsoft Defender vulnerabilities publicly disclosed by Chaotic Eclipse in recent months. Previous disclosures include BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091).
The disclosures come amid an ongoing dispute between the researcher and Microsoft. Chaotic Eclipse has publicly criticized Microsoft’s vulnerability handling process, alleging poor communication, dismissal of reported issues, revocation of access to the Microsoft Security Response Center (MSRC) platform, and a lack of compensation for reported vulnerabilities.
Microsoft has previously condemned public releases of unpatched vulnerability details, stating that such disclosures place customers at unnecessary risk. The company noted that several previously disclosed Defender vulnerabilities were later observed being exploited in the wild.
The controversy has also led to the removal of the researcher’s GitHub and GitLab accounts, prompting criticism from some members of the cybersecurity community. Security researcher Kevin Beaumont argued that vulnerability research and disclosure should not be treated as criminal activity.
Microsoft responded by stating that it does not intend to pursue legal action against individuals who conduct or publish legitimate security research. The company reiterated its support for Coordinated Vulnerability Disclosure and said it remains committed to transparency and professional engagement with security researchers.
At the time of publication, Microsoft had not announced a security update addressing the RoguePlanet vulnerability.