Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows
A zero-day vulnerability named RoguePlanet in Microsoft Defender allows attackers to gain SYSTEM-level access on fully updated Windows 10 and 11 machines. The flaw is a race condition whose exploitation can result in arbitrary code execution with the highest privileges. It has been publicly disclosed with a proof-of-concept by a security researcher known as Chaotic Eclipse. The vulnerability affects desktop Windows systems with June 2026 Patch Tuesday updates installed; the exploit does not currently work on Windows Server due to mounting restrictions. The researcher has criticized Microsoft's handling of vulnerability disclosures and has released multiple related exploits. Microsoft has condemned the public disclosures but has not yet provided an official patch.
AI Analysis
Technical Summary
RoguePlanet is a Microsoft Defender zero-day vulnerability involving a race condition that enables privilege escalation to SYSTEM level on Windows 10 and 11 with June 2026 updates. The exploit, released publicly as a proof-of-concept by the researcher Chaotic Eclipse, allows attackers to execute arbitrary code with full system privileges. While the exploit is not fully reliable on all machines, it has demonstrated a 100% success rate on some tested systems. The exploit does not currently work on Windows Server due to user restrictions on mounting ISO images, though the underlying flaw affects those systems as well. This disclosure follows a series of similar vulnerabilities found by the same researcher, who has publicly criticized Microsoft's vulnerability management and disclosure process. Microsoft has publicly condemned the uncoordinated disclosures but has not announced a patch or mitigation. The exploit relies on the race condition and involves bypassing Defender protections related to path redirection and memory corruption.
Potential Impact
Successful exploitation of the RoguePlanet zero-day grants attackers SYSTEM-level privileges on affected Windows 10 and 11 desktop systems, enabling arbitrary code execution and unauthorized actions with the highest system rights. This level of access can lead to full system compromise. The exploit works on fully patched systems as of June 2026, indicating that current updates do not mitigate this vulnerability. Windows Server systems are vulnerable but not exploitable with the current proof-of-concept due to mounting restrictions. There are no confirmed reports of exploitation in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. As of the information available, Microsoft has not publicly released a fix for this vulnerability. Organizations should monitor official Microsoft Security Response Center (MSRC) advisories for updates. The available information does not detail temporary mitigations for this race condition in Defender components. Avoid running untrusted code and consider limiting user privileges where possible until an official patch is released.
Technical Details
- Source Type
- Subreddit: cybersecurity
- Reddit Score: 0
- Discussion Level: minimal
- Content Source: reddit_link_post
- Post Type: link
- Domain: null
- Newsworthiness Assessment: {"score":40,"reasons":["external_link","newsworthy_keywords:zero-day","urgent_news_indicators","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":["zero-day"],"foundNonNewsworthy":[]}
- Has External Source: true
- Trusted Domain: false
Threat ID: 6a2906e78dd33fbd85fa818f
Added to database: 6/10/2026, 6:40:39 AM
Last enriched: 6/10/2026, 6:40:47 AM
Last updated: 6/10/2026, 7:46:20 AM
Views: 19