Back

New RoguePlanet Zero-Day Exploit Targets Windows Defender Vulnerability

Severity: High (Score: 71.0)

Sources: Cybersecuritynews, Feeds2.Feedburner, Securityaffairs.Co, Feeds.4Sysops

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: rogueplanet, exploit, eclipse, windows, defender, researcher, released

Severity indicators: pla

Summary

On June 10, 2026, a researcher known as Nightmare Eclipse released a proof-of-concept exploit named RoguePlanet, targeting a race condition vulnerability in Microsoft Windows Defender. This zero-day exploit allows attackers to gain SYSTEM-level privileges on fully patched Windows 10 and Windows 11 systems, including those updated with the latest June 2026 security patches. The exploit's release follows Microsoft's largest-ever Patch Tuesday, which addressed nearly 200 vulnerabilities. Researchers confirmed that the exploit effectively spawns a command shell with elevated privileges, posing a significant risk to affected systems. The vulnerability is currently unpatched, increasing the urgency for organizations to assess their defenses. Security professionals are advised to monitor for any signs of exploitation and prepare for potential mitigation strategies. Key Points: • RoguePlanet exploit allows SYSTEM-level access on fully patched Windows systems. • The vulnerability is a race condition in Microsoft Windows Defender confirmed by multiple researchers. • Microsoft's June 2026 Patch Tuesday addressed nearly 200 vulnerabilities, but RoguePlanet remains unpatched.

Detailed Analysis

**Impact** Fully patched Windows 10 and Windows 11 systems globally are affected, including those with the latest June 2026 security updates. The exploit grants attackers SYSTEM-level privileges, enabling full control over compromised machines. This can lead to unauthorized access, data theft, and disruption of business operations across all sectors using Windows Defender. **Technical Details** The exploit, named RoguePlanet, targets a previously undisclosed race condition vulnerability in Microsoft Windows Defender. It enables local privilege escalation by spawning a command shell with SYSTEM privileges. The proof-of-concept was released publicly by the researcher known as Nightmare Eclipse (also Chaotic Eclipse or Dead Eclipse). No CVE identifiers or specific IOCs were provided in the articles. **Recommended Response** Apply all available Microsoft patches from the June 2026 Patch Tuesday immediately. Monitor for unusual local privilege escalation attempts and command shell spawns with SYSTEM privileges. Harden endpoint detection rules to flag race condition exploit behaviors in Windows Defender. No specific IOCs are available; therefore, focus on behavioral detection and system integrity monitoring.

Source articles (4)

  • New Windows Defender 0-Day Exploit “RoguePlanet” Lets Attackers Gain SYSTEM — Cybersecuritynews · 2026-06-10
    A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclos…
  • RoguePlanet zero — Feeds.4Sysops · 2026-06-10
    A security researcher has released a zero-day exploit named RoguePlanet that targets a race condition within Microsoft Defender. The vulnerability reportedly affects fully patched Windows 10 and Windo…
  • Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows — Securityaffairs.Co · 2026-06-10
    The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse,…
  • Record Microsoft Patch Tuesday, fresh zero — Feeds2.Feedburner · 2026-06-10
    Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows explo…

Timeline

  • 2026-06-10 — RoguePlanet exploit released: Nightmare Eclipse published a PoC for a zero-day exploit targeting Windows Defender's race condition.
  • 2026-06-10 — Microsoft Patch Tuesday: Microsoft released fixes for nearly 200 vulnerabilities, marking its largest Patch Tuesday to date.
  • 2026-06-10 — RoguePlanet confirmed by researchers: Various researchers confirmed the exploit's effectiveness in achieving local privilege escalation.

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-269 - Improper Privilege Management (Cwe)
  • Cwe-362 - Race Condition (Cwe)
  • T1059.003 - Windows Command Shell (Mitre Attack)
  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • Microsoft Defender (Platform)
  • Windows (Platform)
  • Windows Defender (Platform)
  • RoguePlanet (Vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed