MICROSOFT has addressed a significant zero-day vulnerability, called RoguePlanet, in Windows Defender, which was disclosed by a security researcher named Nightmare-Eclipse. The flaw, designated CVE-2026-50656, has a CVSS score of 7.8 and allows attackers to escalate user privileges to system-level access. This vulnerability is part of an ongoing feud between Nightmare-Eclipse and Microsoft, leading to the premature publication of exploits.
Microsoft released an emergency patch ahead of the scheduled Patch Tuesday due to the elevated risk associated with this flaw, which has not yet been confirmed to be exploited in the wild. Security measures recommended include updating Microsoft Malware Protection Engine and monitoring for signs of privilege escalation.