Chaotic Eclipse's new RoguePlanet
RoguePlanet is a newly disclosed Windows Defender vulnerability involving a race condition exploit that can spawn a SYSTEM shell if successful. The proof-of-concept (PoC) has been tested on Windows 10 and Windows 11 with June 2026 patches applied, showing variable success rates depending on the machine. Windows Server versions are believed to be vulnerable as well, though the current PoC does not work on them due to user restrictions on mounting ISO images. The exploit targets a race condition in Windows Defender, allowing privilege escalation to SYSTEM level.
AI Analysis
Technical Summary
RoguePlanet is a race condition vulnerability in Windows Defender disclosed by Chaotic Eclipse and publicly available as a proof-of-concept on GitHub. The exploit attempts to gain SYSTEM privileges by exploiting a timing issue. It has been tested on Windows 10 and Windows 11 with the June 2026 patches installed, achieving up to 100% success on some machines but less on others. Although the PoC does not currently work on Windows Server due to ISO mounting restrictions for standard users, the author believes all Windows Server versions are vulnerable and that the exploit could be redesigned to work there as well. The vulnerability allows spawning a SYSTEM shell upon successful exploitation.
Potential Impact
Successful exploitation of this race condition vulnerability in Windows Defender allows an attacker to escalate privileges to SYSTEM level, granting full control over the affected Windows machine. This could enable execution of arbitrary code with the highest privileges, potentially compromising system integrity and confidentiality. The exploit's success rate varies by machine and environment, and currently does not work on Windows Server without modification.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the exploit targets a race condition in Windows Defender, monitor official Microsoft advisories for patches or mitigations. No official fix or temporary workaround is currently documented. Until a patch is available, limit exposure by restricting user permissions and monitoring for suspicious privilege escalation attempts. Note that the PoC requires mounting ISO images, which may limit exploitation on some systems.
Chaotic Eclipse's new RoguePlanet
Description
RoguePlanet is a newly disclosed Windows Defender vulnerability involving a race condition exploit that can spawn a SYSTEM shell if successful. The proof-of-concept (PoC) has been tested on Windows 10 and Windows 11 with June 2026 patches applied, showing variable success rates depending on the machine. Windows Server versions are believed to be vulnerable as well, though the current PoC does not work on them due to user restrictions on mounting ISO images. The exploit targets a race condition in Windows Defender, allowing privilege escalation to SYSTEM level.
Reddit Discussion
It seems Chaotic eclipse has release a new Windows Defender Vulnerability by the name RoguePlanet.
It is worth mentioning today is Patch Tuesday.
Found here: https://github.com/MSNightmare/RoguePlanet
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
RoguePlanet is a race condition vulnerability in Windows Defender disclosed by Chaotic Eclipse and publicly available as a proof-of-concept on GitHub. The exploit attempts to gain SYSTEM privileges by exploiting a timing issue. It has been tested on Windows 10 and Windows 11 with the June 2026 patches installed, achieving up to 100% success on some machines but less on others. Although the PoC does not currently work on Windows Server due to ISO mounting restrictions for standard users, the author believes all Windows Server versions are vulnerable and that the exploit could be redesigned to work there as well. The vulnerability allows spawning a SYSTEM shell upon successful exploitation.
Potential Impact
Successful exploitation of this race condition vulnerability in Windows Defender allows an attacker to escalate privileges to SYSTEM level, granting full control over the affected Windows machine. This could enable execution of arbitrary code with the highest privileges, potentially compromising system integrity and confidentiality. The exploit's success rate varies by machine and environment, and currently does not work on Windows Server without modification.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the exploit targets a race condition in Windows Defender, monitor official Microsoft advisories for patches or mitigations. No official fix or temporary workaround is currently documented. Until a patch is available, limit exposure by restricting user permissions and monitoring for suspicious privilege escalation attempts. Note that the PoC requires mounting ISO images, which may limit exploitation on some systems.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a2876be8dd33fbd85780410
Added to database: 6/9/2026, 8:25:34 PM
Last enriched: 6/9/2026, 8:25:39 PM
Last updated: 6/10/2026, 5:03:48 AM
Views: 25
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.