A security researcher published a new Windows zero-day exploit that can give an attacker full SYSTEM privileges on fully patched consumer PCs. The proof-of-concept, dubbed RoguePlanet, abuses a race condition in Microsoft Defender to achieve local privilege escalation on Windows 10 and Windows 11 systems with the June 2026 updates installed. The researcher says earlier versions also enabled remote code execution through malicious .vhd(x) files on remote SMB shares and BitLocker bypass paths, but the currently released exploit is validated primarily as local escalation and reportedly does not yet work on Windows Server.
Why it matters: A public exploit can help malware or intruders turn limited access on a Windows machine into full control even after current patches are installed. Organizations should watch for Microsoft guidance, restrict untrusted SMB and disk-image handling where possible, and prioritize detection for SYSTEM-level escalation from Defender-related activity.
2026.06.10
99% relevant
This article is directly about the same newly disclosed RoguePlanet Windows Defender zero-day, adding that The Register reports Microsoft is investigating the claim, that the bug targets Microsoft Defender on fully patched Windows 10 and 11 systems, and that Nightmare Eclipse released PoC exploit code after June Patch Tuesday.
Ionut Arghire
2026.06.10
100% relevant
The article establishes a distinct new event: the public release and validation of a new, currently unpatched Microsoft Defender/Windows privilege-escalation exploit called RoguePlanet, separate from the previously tracked YellowKey and other Nightmare Eclipse disclosures.