Microsoft patches critical RoguePlanet zero‑day in Defender
Microsoft released an update on 8 July 2026 to fix the zero‑day vulnerability known as RoguePlanet (CVE‑2026‑50656) in the Microsoft Malware Protection Engine that powers Defender, Security Essentials and System Center Endpoint Protection. The flaw is an elevation‑of‑privilege race condition that can let a low‑privilege attacker gain SYSTEM rights on Windows 10 and 11 machines. It carries a CVSS score of 7.8. The patch upgrades the engine to version 1.1.26060.3008, which is distributed automatically through Defender’s regular update channel and appears in Windows Update. Microsoft says there is no evidence of active exploitation in the wild, but warns that exploitation is “more likely” and advises administrators to verify the engine version via PowerShell. The vulnerability was publicly disclosed by researcher “Nightmare Eclipse,” who also released a proof‑of‑concept exploit shortly after the June 2026 Patch Tuesday. The update does not require a separate cumulative KB; it is applied automatically for most users, though the fix is visible in the update logs. Prompt installation is recommended to prevent potential privilege‑escalation attacks on enterprise and consumer systems.