Microsoft Defender Zero-day Vulnerability (CVE-2026-50656) (RoguePlanet)

Microsoft announced the disclosure of a Defender zero-day named RoguePlanet. Tracked as CVE-2026-50656, successful exploitation of the vulnerability may allow an attacker to gain SYSTEM-level access.

Microsoft mentioned in the advisory that they are aware of an elevation-of-privileges vulnerability in the Microsoft Malware Protection Engine in Microsoft Defender.

Microsoft Defender is a family of cybersecurity and antivirus solutions developed by Microsoft. It protects devices against malware, ransomware, and phishing attacks. The name often refers to either the free antivirus built into Windows or the broader suite of security services for homes and businesses.

A security researcher named Chaotic Eclipse (aka Nightmare-Eclipse) released the exploitation details of the vulnerability named “RoguePlanet”. The security researcher described the exploit as a race condition that could allow attackers to have a shell with SYSTEM-level privileges.

Affected Versions

The vulnerability affects all versions of the Microsoft Malware Protection Engine version 1.1.26050.11.

Mitigation

Microsoft has released a patch to address the vulnerability on July 8, 2026.

Users must upgrade to the Microsoft Malware Protection Engine version 1.1.26060.3008 to patch the vulnerability.

For more information, please refer to the Microsoft Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 92413 to detect vulnerable assets.

Continue following Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-50656

Author: Diksha Ojha

Senior Technical Writer

Leave a Reply

Your email address will not be published. Required fields are marked *