THE article discusses a new proof-of-concept (PoC) exploit named RoguePlanet released by a researcher known as Nightmare-Eclipse. This exploit takes advantage of a zero-day vulnerability in Windows Defender, enabling attackers to gain SYSTEM-level access to compromised Windows machines. This is part of a continuing feud between Nightmare-Eclipse and Microsoft, who have previously faced multiple zero-day disclosures from the researcher.
Nightmare-Eclipse cites Microsoft’s inadequate responses to vulnerabilities as motivation for this ongoing release of exploits. Microsoft has criticized these disclosures as irresponsible and threatened possible legal action against researchers who disclose unpatched vulnerabilities. Security experts express concern about the negative impact such disclosures could have on customers, emphasizing the urgent need for improved communication between researchers and companies.