securityaffairs.com 7/9/2026, 11:46:57 AM · external

Microsoft patches Defender bug CVE-2026-50656 after local exploit

Microsoft patches Defender bug CVE-2026-50656 after local exploit
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

MICROSOFT has addressed a critical vulnerability in its Defender software known as RoguePlanet (CVE-2026-50656), which allows local attackers to elevate privileges through the Malware Protection Engine. The flaw was rated 7.8 on the CVSS scale and originated from a race condition that could give attackers SYSTEM-level privileges. Despite an active security update process, a security researcher demonstrated an exploit that worked even on fully updated systems.

Microsoft confirmed the flaw was fixed in version 1.1.26060.3008 of the Malware Protection Engine, which also includes additional hardening measures. This incident marks the fourth reported flaw by the researcher, highlighting ongoing vulnerabilities in Microsoft Defender.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline