Microsoft Confirms RoguePlanet Defender Zero-Day

Microsoft confirmed it is developing a patch for RoguePlanet, a Microsoft Defender zero-day now tracked as CVE-2026-50656 with a CVSS score of 7.8. The vulnerability is an elevation-of-privilege flaw in the Microsoft Malware Protection Engine. A researcher known as Chaotic Eclipse released a proof-of-concept, describing the issue as a race condition that can grant SYSTEM-level privileges. The researcher claimed the exploit can work regardless of whether real-time protection is enabled. Microsoft said it is preparing a security update.

The flaw affects the Microsoft Malware Protection Engine and is described as an elevation-of-privilege vulnerability. In plain English, that means an attacker who already has some access to a machine may be able to gain SYSTEM-level privileges — the Windows equivalent of being handed the master key and told not to touch anything important.
A researcher known as Chaotic Eclipse released a proof-of-concept exploit, describing RoguePlanet as a race condition. Race conditions can be unpredictable, but the researcher claimed reliable success on some systems and noted that the exploit may work regardless of whether real-time protection is enabled.

That last point is particularly uncomfortable because Defender is meant to be part of the solution, not part of the escalation path.
Microsoft has acknowledged the issue and said a security update is in development. RoguePlanet follows several other Defender-related vulnerabilities disclosed by the same researcher, including BlueHammer, UnDefend and RedSun, all of which Microsoft has since patched.

Organisations should monitor Microsoft’s security update channels, ensure Defender components are updated automatically, reduce local administrator exposure and monitor for suspicious privilege escalation activity. Endpoint detection should also watch for unusual process behaviour involving Defender components.
This is not a reason to abandon Defender. It is a reminder that security tools are still software — and software needs patching, monitoring and configuration discipline.
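
The update and local-administrator checks recommended above, as an added PowerShell example (not from Microsoft or the researcher). It uses the built-in Get-MpComputerStatus and Get-LocalGroupMember cmdlets; $FixedEngineVersion is a placeholder because this page gives no fixed engine version, and the two-day staleness threshold is an assumption.

```powershell
# Added example: report the Defender engine/platform versions on this host and
# list who holds local administrator rights. Run on each endpoint or via your
# remote management tooling.

# Placeholder: set to the fixed engine version once Microsoft publishes it,
# e.g. [version]'<fixed engine version>'. Left $null until then.
$FixedEngineVersion = $null

# Assumption: updates older than this many days indicate automatic updating is broken.
$MaxUpdateAgeDays = 2

$status = Get-MpComputerStatus
$engine = [version]$status.AMEngineVersion

$defender = [pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    EngineVersion        = $engine
    PlatformVersion      = $status.AMProductVersion
    SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
    SignatureAgeDays     = $status.AntivirusSignatureAge
    UpdatesStale         = $status.AntivirusSignatureAge -gt $MaxUpdateAgeDays
    RealTimeProtection   = $status.RealTimeProtectionEnabled
    # The page reports the researcher's claim that real-time protection state
    # does not matter, so only the engine version decides this field.
    EngineFixed          = if ($FixedEngineVersion) {
                               $engine -ge $FixedEngineVersion
                           } else {
                               'unknown (no fixed version set)'
                           }
}
$defender | Format-List

# Local administrator exposure: S-1-5-32-544 is the well-known SID of the
# built-in Administrators group, so this works on non-English systems too.
try {
    Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
}
catch {
    # Get-LocalGroupMember can fail when the group contains unresolvable SIDs.
    Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
}
```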