On June 10, 2026, a new zero-day vulnerability in Microsoft Defender, named ‘RoguePlanet,’ was revealed, capable of being exploited despite the latest Windows Update patches. This vulnerability was introduced by a security researcher known as Nightmare Eclipse, allowing remote code execution when a user accesses a file hosted on a remote SMB server. The flaw arises from a race condition, making its success variable across different machines. Cybersecurity firm ThreatLocker confirmed the vulnerability in their tests, noting its persistence beyond the recent updates. Nightmare Eclipse, who has a history of disclosing vulnerabilities like BlueHammer and RedSun, has expressed frustration with Microsoft’s bug bounty program, citing poor communication and account issues.
Can ‘RoguePlanet’ still exploit Microsoft Defender despite the latest patches?
