Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

The Hacker News by The Hacker News
July 9, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananJul 09, 2026Vulnerability / Endpoint Security

Microsoft has released security updates for a Defender vulnerability known as RoguePlanet, nearly a month after details of the flaw became public.

The vulnerability, tracked as CVE-2026-50656 (CVSS score: 7.8), is a privilege escalation issue in the Microsoft Malware Protection Engine (“mpengine.dll”), which provides scanning, detection, and cleaning capabilities for its antivirus and antispyware software.

The issue has been remediated in Microsoft Malware Protection Engine version 1.1.26060.3008, along with defense-in-depth updates to harden unspecified security-related features. 

RoguePlanet was first disclosed by a security researcher named Chaotic Eclipse (aka Nightmare-Eclipse), describing it as a race condition that could be abused to spawn a shell with SYSTEM-level privileges. This, in turn, grants the attacker the ability to run arbitrary code or perform unauthorized actions.

The exploit has been found to work on systems running up-to-date versions of Windows with the June 2026 Patch Tuesday updates installed. Subsequently, Chaotic Eclipse also revealed that the exploit works regardless of whether real-time protection is on or not. Microsoft has not officially credited Chaotic Eclipse with the vulnerability discovery.

RoguePlanet is the fourth Defender vulnerability disclosed by the researcher after BlueHammer (CVE-2026-33825), UnDefend (CVE-2026-45498), and RedSun (CVE-2026-41091), all of which have since been patched by Microsoft.

The Windows maker said no customer action is required to install the update for CVE-2026-50656, as the software is frequently updated to secure customers against new and evolving threats.

“For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically,” Microsoft said.

“Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.”



Source link

The Hacker News

The Hacker News

Next Post
Cato Networks Announces Partner Award Winners at 2026 APJ Partner Summit

Cato Networks Announces Partner Award Winners at 2026 APJ Partner Summit

Recommended.

ICEYE to deliver space-based ISR capability to the Royal Netherlands Air Force

ICEYE to deliver space-based ISR capability to the Royal Netherlands Air Force

June 23, 2025
DXC und Anthropic geben eine mehrjährige globale Partnerschaft bekannt, um KI in geschäftskritische Unternehmenssysteme zu integrieren

DXC und Anthropic geben eine mehrjährige globale Partnerschaft bekannt, um KI in geschäftskritische Unternehmenssysteme zu integrieren

June 13, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio