A Microsoft patch released on July 9, 2026, addresses a zero-day vulnerability in Windows Defender, tracked as CVE-2026-50656, which could allow attackers to gain administrative control over Windows 10 and 11 machines. The vulnerability became public due to researcher NightmareEclipse, who provided exploit code relating to remote attacks.
However, the patch introduced a flaw causing Defender to potentially consume all available disk space by writing excessively large files, a problem linked to the Microsoft Malware Protection Engine. NightmareEclipse emphasized that attackers could exploit this vulnerability using a specially configured SMB server to deliver malicious files that could monopolize disk space. The situation highlights ongoing tensions between NightmareEclipse and Microsoft over vulnerability disclosures and patching practices.