RoguePlanet: New Windows Defender 0-Day Exploit Grants SYSTEM Access

Severity: High (Score: 63.6)

Sources: Feeds.4Sysops, Securityaffairs.Co, Cybersecuritynews

Published: 2026-06-10 · Updated: 2026-06-10

Keywords: rogueplanet, exploit, eclipse, windows, defender, researcher, released

Severity indicators: pla

Summary

A researcher known as Nightmare Eclipse has released a proof-of-concept exploit named RoguePlanet, targeting a race condition vulnerability in Microsoft Windows Defender. This zero-day exploit affects fully patched Windows 10 and Windows 11 systems, including the latest June 2026 security updates. When executed, RoguePlanet allows attackers to spawn a command shell with SYSTEM-level privileges, providing them with the highest access rights on the local machine. The exploit's public disclosure raises significant security concerns, as it can be leveraged for various malicious activities. Organizations using these operating systems are urged to monitor for any signs of exploitation. Currently, there are no known patches or mitigations available to address this vulnerability. The situation remains critical as the exploit is actively circulating in the cybersecurity community.

Key Points:

  • RoguePlanet targets a race condition in Microsoft Windows Defender, allowing SYSTEM access.
  • Affected systems include fully patched Windows 10 and Windows 11, even with June 2026 updates.
  • No patches or mitigations are currently available for this zero-day exploit.

Detailed Analysis

**Impact** The exploit affects fully patched Windows 10 and Windows 11 systems, including those with the latest June 2026 security updates. Any organization or individual using these operating systems is at risk of unauthorized SYSTEM-level access, potentially compromising entire machines. No specific sectors, geographies, or data types at risk were detailed in the sources.

**Technical Details** RoguePlanet exploits a previously undisclosed race condition vulnerability in Microsoft Windows Defender, allowing local privilege escalation to SYSTEM-level privileges. The attack vector involves executing a proof-of-concept exploit that spawns a command shell with SYSTEM access. No CVE identifier or additional infrastructure details were provided. Indicators of compromise (IOCs) were not disclosed.

**Recommended Response** No patches or official mitigations are currently available as the vulnerability is zero-day and publicly disclosed. Defenders should monitor for unusual local command shell executions with SYSTEM privileges and implement enhanced endpoint detection rules focused on Windows Defender process anomalies. Restricting local user permissions and applying strict application control policies may reduce exploitation risk until a patch is released.

Source articles (3)

  • New Windows Defender 0-Day Exploit “RoguePlanet” Lets Attackers Gain SYSTEM — Cybersecuritynews · 2026-06-10
    A researcher known as Nightmare Eclipse (also tracked as Chaotic Eclipse or Dead Eclipse) has publicly released a new proof-of-concept (PoC) exploit named RoguePlanet, targeting a previously undisclos…
  • RoguePlanet zero — Feeds.4Sysops · 2026-06-10
    A security researcher has released a zero-day exploit named RoguePlanet that targets a race condition within Microsoft Defender. The vulnerability reportedly affects fully patched Windows 10 and Windo…
  • Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows — Securityaffairs.Co · 2026-06-10
    The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclipse,…

Timeline

  • 2026-06-10 — RoguePlanet exploit released: Nightmare Eclipse publicly disclosed the RoguePlanet exploit, targeting a race condition in Windows Defender.
  • 2026-06-10 — Exploit affects patched systems: RoguePlanet impacts fully patched Windows 10 and Windows 11 systems, including the latest security updates.

Related entities

  • Zero-day Exploit (Attack Type)
  • CWE-362 - Race Condition (CWE)
  • T1059.003 - Windows Command Shell (MITRE ATT&CK)
  • T1068 - Exploitation for Privilege Escalation (MITRE ATT&CK)
  • Microsoft Defender (Platform)
  • Windows (Platform)
  • Windows Defender (Platform)
  • RoguePlanet (Vulnerability)