arstechnica.com 7/9/2026, 9:01:19 PM · external

Patch for Windows Defender 0-day could allow attackers to fill hard disk

Patch for Windows Defender 0-day could allow attackers to fill hard disk
Developing story incident 11 articles tracked
Microsoft patches Windows Defender zero‑day elevation of privilege flaw (CVE-2026-50656)
CyberSIXT Evidence Panel
Primary Source msrc.microsoft.com
CVE Intel
CISA KEV Not in KEV
Patch Patch Available

A Microsoft patch released on July 9, 2026, addresses a zero-day vulnerability in Windows Defender, tracked as CVE-2026-50656, which could allow attackers to gain administrative control over Windows 10 and 11 machines. The vulnerability became public due to researcher NightmareEclipse, who provided exploit code relating to remote attacks.

However, the patch introduced a flaw causing Defender to potentially consume all available disk space by writing excessively large files, a problem linked to the Microsoft Malware Protection Engine. NightmareEclipse emphasized that attackers could exploit this vulnerability using a specially configured SMB server to deliver malicious files that could monopolize disk space. The situation highlights ongoing tensions between NightmareEclipse and Microsoft over vulnerability disclosures and patching practices.

View Primary Source Via arstechnica.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline