Microsoft Patches RoguePlanet Defender Vulnerability That Could Grant SYSTEM Level Privileges

Microsoft Patches RoguePlanet Defender Vulnerability That Could Grant SYSTEM Level Privileges

Microsoft has released security updates to address a newly disclosed vulnerability in Microsoft Defender known as RoguePlanet, nearly a month after technical details of the flaw became public. The issue, tracked as CVE 2026 50656 and assigned a CVSS score of 7.8, is a privilege escalation vulnerability affecting the Microsoft Malware Protection Engine, also known as mpengine.dll. The engine is a core component that delivers scanning, detection, and malware removal capabilities across Microsoft’s antivirus and antispyware products.

According to Microsoft, the flaw has been resolved in Microsoft Malware Protection Engine version 1.1.26060.3008, which also includes additional defense in depth improvements to strengthen unspecified security related features. RoguePlanet was initially disclosed by security researcher Chaotic Eclipse, also known as Nightmare Eclipse, who described the issue as a race condition that could be exploited to launch a shell with SYSTEM level privileges. Successful exploitation would provide attackers with extensive control over affected systems, allowing them to execute arbitrary code, alter configurations, or perform unauthorized actions with the highest level of permissions available on Windows devices.

The researcher also revealed that the exploit remained effective on systems running fully updated versions of Windows that had already installed the June 2026 Patch Tuesday updates. Further analysis indicated that the exploit could function regardless of whether Microsoft Defender’s real time protection feature was enabled or disabled. Despite the public disclosure and technical details shared by Chaotic Eclipse, Microsoft has not officially credited the researcher for discovering the vulnerability. RoguePlanet represents the fourth Microsoft Defender vulnerability disclosed by the same researcher, following BlueHammer, tracked as CVE 2026 33825, UnDefend, tracked as CVE 2026 45498, and RedSun, tracked as CVE 2026 41091. All three previously disclosed vulnerabilities have since been addressed through security updates released by Microsoft.

Microsoft stated that customers do not need to take any manual action to receive protection against CVE 2026 50656 because Microsoft antimalware products are designed to update automatically. The company explained that default configurations in its security software ensure that both malware definitions and the Microsoft Malware Protection Engine remain up to date to defend against emerging threats. Depending on the product and its configuration, Microsoft antimalware solutions can check for engine and definition updates daily and, in some cases, multiple times a day when connected to the internet. The company also noted that users and enterprise administrators retain the option to manually verify and install updates whenever necessary. The release of the patch highlights the continued focus on addressing privilege escalation vulnerabilities that could provide attackers with elevated access to Windows environments if left unpatched.

Source

Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.

Post Comment